Security Advisory Important: chromium-browser security update

Advisory: RHSA-2017:1228-1
Type: Security Advisory
Severity: Important
Issued on: 2017-05-11
Last updated on: 2017-05-11
Affected Products: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
CVEs (cve.mitre.org): CVE-2017-5068

Details

An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 58.0.3029.96.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Chromium to crash, execute arbitrary
code, or disclose sensitive information when visited by the victim.
(CVE-2017-5068)


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take
effect.

Updated packages

Red Hat Enterprise Linux Desktop Supplementary (v. 6)

IA-32:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
 
x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
 
Red Hat Enterprise Linux Server Supplementary (v. 6)

IA-32:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
 
x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
 
Red Hat Enterprise Linux Workstation Supplementary (v. 6)

IA-32:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1495
 
x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1495
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/