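1 Summary:
An updated chromium-browser package that fixes multiple security vulnerabilities is now available for Red Hat Enterprise Linux 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Important security impact. The CVE links in the "References" section give the CVSS base scores used to assess the severity of the vulnerabilities.
2 Relevant releases/architectures: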
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
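3 Description:
Chromium is an open-source web browser, powered by WebKit.
* chromium-browser: use-after-free in bluetooth (CVE-2019-13723)
* chromium-browser: out-of-bounds access in bluetooth (CVE-2019-13724)
Users should upgrade to the packages containing the patches that fix these issues. Restart the system for the update to take effect.
3 Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259.
4 Bugs fixed (http://bugzilla.redhat.com/):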
1775340 - CVE-2019-13723 chromium-browser: use-after-free in bluetooth
1775351 - CVE-2019-13724 chromium-browser: out-of-bounds access in bluetooth
5 Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
i686:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
x86_64:
chromium-browser-78.0.3904.108-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
x86_64:
chromium-browser-78.0.3904.108-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
i686:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
x86_64:
chromium-browser-78.0.3904.108-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
i686:
chromium-browser-78.0.3904.108-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.i686.rpm
x86_64:
chromium-browser-78.0.3904.108-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.108-1.el6_10.x86_64.rpm
6 References:
https://access.redhat.com/security/cve/CVE-2019-13723
https://access.redhat.com/security/cve/CVE-2019-13724
https://access.redhat.com/security/updates/classification/#important
7 Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details are at https://www.redhat.com/security/team/contact/