Security Advisory - Critical: chromium-browser security update

Advisory: RHSA-2017:0860-1
Type: Security Advisory
Severity: Critical
Issued on: 2017-03-31
Last updated on: 2017-03-31
Affected Products: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
                   Red Hat Enterprise Linux Server Supplementary (v. 6)
                   Red Hat Enterprise Linux Workstation Supplementary (v. 6)
CVEs (cve.mitre.org): CVE-2017-5052, CVE-2017-5053, CVE-2017-5054,
                      CVE-2017-5055, CVE-2017-5056

Details

An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 57.0.2987.133.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the victim.
(CVE-2017-5055, CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5056)


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take
effect.

Updated packages

Red Hat Enterprise Linux Desktop Supplementary (v. 6)

IA-32:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
 
x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
 
Red Hat Enterprise Linux Server Supplementary (v. 6)

IA-32:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
 
x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
 
Red Hat Enterprise Linux Workstation Supplementary (v. 6)

IA-32:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm
File outdated by:  RHSA-2017:1124
 
x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm
File outdated by:  RHSA-2017:1124
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1437348 - CVE-2017-5055 chromium-browser: use after free in printing
1437350 - CVE-2017-5054 chromium-browser: heap buffer overflow in v8
1437351 - CVE-2017-5052 chromium-browser: bad cast in blink
1437352 - CVE-2017-5056 chromium-browser: use after free in blink
1437353 - CVE-2017-5053 chromium-browser: out of bounds memory access in v8


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/