-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-17149a4f3d 2020-03-27 07:58:57.670570 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 32 Version : 80.0.3987.149 Release : 1.fc32 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio * CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read in usersctplib. * CVE-2020-6449: Use after free in audio -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 18 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.149-1 - update to 80.0.3987.149 * Thu Feb 27 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.132-1 - update to 80.0.3987.132 - disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately) * Thu Feb 27 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.122-1 - update to 80.0.3987.122 * Mon Feb 17 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.106-1 - update to 80.0.3987.106 * Wed Feb 5 2020 Tom Callaway spot@fedoraproject.org - 80.0.3987.87-1 - update to 80.0.3987.87 * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 79.0.3945.130-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1815241 [ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1815242 [ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1815243 [ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1815244 [ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1815245 [ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1815247 [ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1815248 [ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL https://bugzilla.redhat.com/show_bug.cgi?id=1815259 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-17149a4f3d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------