Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d0445178a9 cacti-1.2.27-1.el7 cacti-spine-1.2.27-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-125.0.6422.76-1.el7
fedora-license-data-1.47-1.el7
Details about builds:
================================================================================
chromium-125.0.6422.76-1.el7 (FEDORA-EPEL-2024-46d6266ef3)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 125.0.6422.76
High CVE-2024-5157: Use after free in Scheduling
High CVE-2024-5158: Type Confusion in V8
High CVE-2024-5159: Heap buffer overflow in ANGLE
High CVE-2024-5160: Heap buffer overflow in Dawn
update to 125.0.6422.60
High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 22 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.76-1
- fix bz#2282246, update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
- cleanup
* Mon May 20 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-3
- remove unneeded BRs
- workarounds for el7 build
* Sun May 19 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-2
- fix build errors on el7
* Thu May 16 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-1
- update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
* Sun May 12 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.41-1
- update to 125.0.6422.41
* Sat May 11 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.201-2
- include headless_command_resources.pak for headless_shell
* Fri May 10 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.201-1
- update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
* Wed May 8 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.155-1
- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
* Wed May 1 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.118-1
- update to 124.0.6367.118
* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn
- use system highway
* Sat Apr 27 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.91-1
- update to 124.0.6367.91
- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)
- use system dav1d
* Wed Apr 24 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.78-1
- update to 124.0.6367.78
* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.60-2
- fix wayland regression
* Tue Apr 16 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.60-1
- update to 124.0.6367.60
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2280247 - CVE-2024-4671 chromium: chromium-browser: use after free in Visuals [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280247
[ 2 ] Bug #2280590 - CVE-2024-4761 chromium: chromium-browser: Out of bounds write in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280590
[ 3 ] Bug #2280866 - CVE-2024-4950 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280866
[ 4 ] Bug #2280870 - CVE-2024-4949 chromium: chromium-browser: Use after free in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280870
[ 5 ] Bug #2282269 - headless_shell segfaults
https://bugzilla.redhat.com/show_bug.cgi?id=2282269
[ 6 ] Bug #2282818 - CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2282818
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.47-1.el7 (FEDORA-EPEL-2024-ff8898e6ee)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.47-1.el7.
Changelog for fedora-license-data
* Thu May 23 2024 Miroslav Suchý <msuchy(a)redhat.com> 1.47-1
- add GPL-2.0-or-later WITH RRDtool-FLOSS-exception-2.0
- add text of ultrapermissive dedication from sublimehq
- add HPND-export2-US license
- add Gutmann license
- add HPND-merchantability-variant license
- fix case in license id of BSD-2-Clause-first-lines
- add HPND-export-US-acknowledgement license
- add HPND-Intel license
- add loguru public domain dedication
- add BSD-3-Clause WITH AdditionRef-OpenEXR-Additional-IP-Rights-Grant
- add HPND-sell-variant-MIT-disclaimer-rev license
- add GD license
- Add crc32 license found in libsurvive to UltraPermissive
- allow lower case variant
- add any-OSI license
- document dotnet* packages as exception for LicenseRef-ISO-8879
--------------------------------------------------------------------------------