Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-2051
Vulnerability from cvelistv5
Published
2016-01-25 11:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2016:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-2051",
"datePublished": "2016-01-25T11:00:00",
"dateReserved": "2016-01-24T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"47.0.2526.111\", \"matchCriteriaId\": \"AFB52550-C3FC-4CDD-AA6E-500BD3304241\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8C6E104-EDBC-481E-85B8-D39ED2058D39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B74C62D-4A6D-4A4F-ADF6-A508322CD447\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCD167C9-1AAB-42DC-9D99-6E0810FEA558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E89B38A-3697-46DD-BB3F-E8D2373588BE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegaci\\u00f3n de servicio o posiblemente tener otro impacto a trav\\u00e9s de vectores desconocidos.\"}]",
"id": "CVE-2016-2051",
"lastModified": "2024-11-21T02:47:41.813",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-01-25T11:59:09.677",
"references": "[{\"url\": \"http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0072.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/81431\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id/1034801\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2877-1\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-0072.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/81431\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2877-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-2051\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-01-25T11:59:09.677\",\"lastModified\":\"2024-11-21T02:47:41.813\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"47.0.2526.111\",\"matchCriteriaId\":\"AFB52550-C3FC-4CDD-AA6E-500BD3304241\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C6E104-EDBC-481E-85B8-D39ED2058D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B74C62D-4A6D-4A4F-ADF6-A508322CD447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD167C9-1AAB-42DC-9D99-6E0810FEA558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E89B38A-3697-46DD-BB3F-E8D2373588BE\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0072.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/81431\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1034801\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2877-1\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0072.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/81431\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2877-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2016:0072
Vulnerability from csaf_redhat
Published
2016-01-27 11:26
Modified
2024-11-14 19:00
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the
victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,
CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,
CVE-2016-2051, CVE-2016-2052)
All Chromium users should upgrade to these updated packages, which
contain Chromium version 48.0.2564.82, which corrects these issues.
After installing the update, Chromium must be restarted for the changes
to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,\nCVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,\nCVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes\nto take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0072",
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"category": "external",
"summary": "1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0072.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T19:00:35+00:00",
"generator": {
"date": "2024-11-14T19:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:0072",
"initial_release_date": "2016-01-27T11:26:55+00:00",
"revision_history": [
{
"date": "2016-01-27T11:26:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T11:26:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8947",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8947"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
},
{
"cve": "CVE-2016-1612",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300988"
}
],
"notes": [
{
"category": "description",
"text": "The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: bad cast in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1612"
},
{
"category": "external",
"summary": "RHBZ#1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: bad cast in V8"
},
{
"cve": "CVE-2016-1613",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300989"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1613"
},
{
"category": "external",
"summary": "RHBZ#1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use-after-free in PDFium"
},
{
"cve": "CVE-2016-1614",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300990"
}
],
"notes": [
{
"category": "description",
"text": "The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: information leak in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1614"
},
{
"category": "external",
"summary": "RHBZ#1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: information leak in Blink"
},
{
"cve": "CVE-2016-1615",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300991"
}
],
"notes": [
{
"category": "description",
"text": "The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document\u0027s origin via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: origin confusion in Omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1615"
},
{
"category": "external",
"summary": "RHBZ#1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: origin confusion in Omnibox"
},
{
"cve": "CVE-2016-1616",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300992"
}
],
"notes": [
{
"category": "description",
"text": "The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1616"
},
{
"category": "external",
"summary": "RHBZ#1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1617",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300993"
}
],
"notes": [
{
"category": "description",
"text": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1617"
},
{
"category": "external",
"summary": "RHBZ#1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1618",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300994"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: weak random number generator in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1618"
},
{
"category": "external",
"summary": "RHBZ#1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: weak random number generator in Blink"
},
{
"cve": "CVE-2016-1619",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300995"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out-of-bounds read in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1619"
},
{
"category": "external",
"summary": "RHBZ#1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out-of-bounds read in PDFium"
},
{
"cve": "CVE-2016-1620",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300996"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1620"
},
{
"category": "external",
"summary": "RHBZ#1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-2051",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301550"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2051"
},
{
"category": "external",
"summary": "RHBZ#1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2051",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17"
},
{
"cve": "CVE-2016-2052",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2052"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
}
]
}
RHSA-2016:0072
Vulnerability from csaf_redhat
Published
2016-01-27 11:26
Modified
2024-11-14 19:00
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the
victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,
CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,
CVE-2016-2051, CVE-2016-2052)
All Chromium users should upgrade to these updated packages, which
contain Chromium version 48.0.2564.82, which corrects these issues.
After installing the update, Chromium must be restarted for the changes
to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,\nCVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,\nCVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes\nto take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0072",
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"category": "external",
"summary": "1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0072.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T19:00:35+00:00",
"generator": {
"date": "2024-11-14T19:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:0072",
"initial_release_date": "2016-01-27T11:26:55+00:00",
"revision_history": [
{
"date": "2016-01-27T11:26:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T11:26:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8947",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8947"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
},
{
"cve": "CVE-2016-1612",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300988"
}
],
"notes": [
{
"category": "description",
"text": "The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: bad cast in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1612"
},
{
"category": "external",
"summary": "RHBZ#1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: bad cast in V8"
},
{
"cve": "CVE-2016-1613",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300989"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1613"
},
{
"category": "external",
"summary": "RHBZ#1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use-after-free in PDFium"
},
{
"cve": "CVE-2016-1614",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300990"
}
],
"notes": [
{
"category": "description",
"text": "The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: information leak in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1614"
},
{
"category": "external",
"summary": "RHBZ#1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: information leak in Blink"
},
{
"cve": "CVE-2016-1615",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300991"
}
],
"notes": [
{
"category": "description",
"text": "The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document\u0027s origin via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: origin confusion in Omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1615"
},
{
"category": "external",
"summary": "RHBZ#1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: origin confusion in Omnibox"
},
{
"cve": "CVE-2016-1616",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300992"
}
],
"notes": [
{
"category": "description",
"text": "The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1616"
},
{
"category": "external",
"summary": "RHBZ#1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1617",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300993"
}
],
"notes": [
{
"category": "description",
"text": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1617"
},
{
"category": "external",
"summary": "RHBZ#1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1618",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300994"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: weak random number generator in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1618"
},
{
"category": "external",
"summary": "RHBZ#1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: weak random number generator in Blink"
},
{
"cve": "CVE-2016-1619",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300995"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out-of-bounds read in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1619"
},
{
"category": "external",
"summary": "RHBZ#1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out-of-bounds read in PDFium"
},
{
"cve": "CVE-2016-1620",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300996"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1620"
},
{
"category": "external",
"summary": "RHBZ#1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-2051",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301550"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2051"
},
{
"category": "external",
"summary": "RHBZ#1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2051",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17"
},
{
"cve": "CVE-2016-2052",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2052"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
}
]
}
rhsa-2016_0072
Vulnerability from csaf_redhat
Published
2016-01-27 11:26
Modified
2024-11-14 19:00
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the
victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,
CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,
CVE-2016-2051, CVE-2016-2052)
All Chromium users should upgrade to these updated packages, which
contain Chromium version 48.0.2564.82, which corrects these issues.
After installing the update, Chromium must be restarted for the changes
to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,\nCVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,\nCVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes\nto take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0072",
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"category": "external",
"summary": "1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0072.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T19:00:35+00:00",
"generator": {
"date": "2024-11-14T19:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:0072",
"initial_release_date": "2016-01-27T11:26:55+00:00",
"revision_history": [
{
"date": "2016-01-27T11:26:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-27T11:26:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@48.0.2564.82-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_id": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@48.0.2564.82-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8947",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8947"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8947"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
},
{
"cve": "CVE-2016-1612",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300988"
}
],
"notes": [
{
"category": "description",
"text": "The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: bad cast in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1612"
},
{
"category": "external",
"summary": "RHBZ#1300988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1612"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: bad cast in V8"
},
{
"cve": "CVE-2016-1613",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300989"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1613"
},
{
"category": "external",
"summary": "RHBZ#1300989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1613"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use-after-free in PDFium"
},
{
"cve": "CVE-2016-1614",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300990"
}
],
"notes": [
{
"category": "description",
"text": "The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: information leak in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1614"
},
{
"category": "external",
"summary": "RHBZ#1300990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300990"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1614"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: information leak in Blink"
},
{
"cve": "CVE-2016-1615",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300991"
}
],
"notes": [
{
"category": "description",
"text": "The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document\u0027s origin via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: origin confusion in Omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1615"
},
{
"category": "external",
"summary": "RHBZ#1300991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300991"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1615"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: origin confusion in Omnibox"
},
{
"cve": "CVE-2016-1616",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300992"
}
],
"notes": [
{
"category": "description",
"text": "The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1616"
},
{
"category": "external",
"summary": "RHBZ#1300992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1616"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1617",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300993"
}
],
"notes": [
{
"category": "description",
"text": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1617"
},
{
"category": "external",
"summary": "RHBZ#1300993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1617"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-1618",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300994"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: weak random number generator in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1618"
},
{
"category": "external",
"summary": "RHBZ#1300994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300994"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1618"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: weak random number generator in Blink"
},
{
"cve": "CVE-2016-1619",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300995"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out-of-bounds read in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1619"
},
{
"category": "external",
"summary": "RHBZ#1300995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300995"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1619"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out-of-bounds read in PDFium"
},
{
"cve": "CVE-2016-1620",
"discovery_date": "2016-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1300996"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1620"
},
{
"category": "external",
"summary": "RHBZ#1300996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1620"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html",
"url": "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html"
}
],
"release_date": "2016-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
},
{
"cve": "CVE-2016-2051",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301550"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2051"
},
{
"category": "external",
"summary": "RHBZ#1301550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2051",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17"
},
{
"cve": "CVE-2016-2052",
"discovery_date": "2016-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301553"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2052"
},
{
"category": "external",
"summary": "RHBZ#1301553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2052"
}
],
"release_date": "2016-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-27T11:26:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-0:48.0.2564.82-1.el6.x86_64",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.i686",
"6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:48.0.2564.82-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6"
}
]
}
CVE-2016-2051
Vulnerability from fkie_nvd
Published
2016-01-25 11:59
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| redhat | enterprise_linux_desktop_supplementary | 6.0 | |
| redhat | enterprise_linux_server_supplementary | 6.0 | |
| redhat | enterprise_linux_server_supplementary_eus | 6.7.z | |
| redhat | enterprise_linux_workstation_supplementary | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB52550-C3FC-4CDD-AA6E-500BD3304241",
"versionEndIncluding": "47.0.2526.111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD167C9-1AAB-42DC-9D99-6E0810FEA558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-2051",
"lastModified": "2024-11-21T02:47:41.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-25T11:59:09.677",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/81431"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/81431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2016-2051
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-2051",
"description": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GSD-2016-2051",
"references": [
"https://www.suse.com/security/cve/CVE-2016-2051.html",
"https://access.redhat.com/errata/RHSA-2016:0072",
"https://ubuntu.com/security/CVE-2016-2051"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-2051"
],
"details": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GSD-2016-2051",
"modified": "2023-12-13T01:21:19.629530Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "81431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81431"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "47.0.2526.111",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2051"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"name": "81431",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81431"
},
{
"name": "RHSA-2016:0072",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"name": "1034801",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034801"
},
{
"name": "USN-2877-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2877-1"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2016-12-07T18:33Z",
"publishedDate": "2016-01-25T11:59Z"
}
}
}
ghsa-3m6g-295f-v8cf
Vulnerability from github
Published
2022-05-17 03:24
Modified
2022-05-17 03:24
Severity ?
Details
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2016-2051"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-01-25T11:59:00Z",
"severity": "CRITICAL"
},
"details": "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GHSA-3m6g-295f-v8cf",
"modified": "2022-05-17T03:24:13Z",
"published": "2022-05-17T03:24:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2051"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/81431"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034801"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2877-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.