[SECURITY] Fedora 29 Update: chromium-69.0.3497.100-1.fc29

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-39be36e9fc 2018-10-30 17:13:37.318039 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 29 Version : 69.0.3497.100 Release : 1.fc29 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Security fixes for CVE-2018-6055 CVE-2018-6119 CVE-2018-16429 CVE-2018-16428 ---- Update to Chromium 69. (EPEL-7 update is blocked by a GCC bug: 1629813, so as soon as devtoolset-8 arrives...) Fixes a lot of security issues, like every major release of Chromium, including CVE-2018-16087 CVE-2018-16088 CVE-2018-16086CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16072 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 4 2018 Tom Callaway <spot(a)fedoraproject.org&gt; - 69.0.3497.100-1 - update to 69.0.3497.100 * Wed Sep 12 2018 Tom Callaway <spot(a)fedoraproject.org&gt; - 69.0.3497.92-1 - update to 69.0.3497.92 * Wed Sep 5 2018 Tom Callaway <spot(a)fedoraproject.org&gt; - 69.0.3497.81-1 - update to 69.0.3497.81 * Tue Aug 28 2018 Patrik Novotn�� <panovotn(a)redhat.com&gt; - 68.0.3440.106-4 - change requires to minizip-compat(-devel), rhbz#1609830, rhbz#1615381 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1625488 - CVE-2018-16085 chromium-browser: Use after free in Memory Instrumentation https://bugzilla.redhat.com/show_bug.cgi?id=1625488 [ 2 ] Bug #1625487 - CVE-2018-16084 chromium-browser: User confirmation bypass in external protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1625487 [ 3 ] Bug #1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1625486 [ 4 ] Bug #1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1625485 [ 5 ] Bug #1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1625484 [ 6 ] Bug #1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode https://bugzilla.redhat.com/show_bug.cgi?id=1625482 [ 7 ] Bug #1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs https://bugzilla.redhat.com/show_bug.cgi?id=1625481 [ 8 ] Bug #1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=1625480 [ 9 ] Bug #1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1625479 [ 10 ] Bug #1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1625478 [ 11 ] Bug #1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1625477 [ 12 ] Bug #1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob URLS https://bugzilla.redhat.com/show_bug.cgi?id=1625476 [ 13 ] Bug #1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab restore https://bugzilla.redhat.com/show_bug.cgi?id=1625475 [ 14 ] Bug #1625474 - CVE-2018-16072 chromium-browser: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer https://bugzilla.redhat.com/show_bug.cgi?id=1625474 [ 15 ] Bug #1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1625473 [ 16 ] Bug #1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1625472 [ 17 ] Bug #1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1625471 [ 18 ] Bug #1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo https://bugzilla.redhat.com/show_bug.cgi?id=1625470 [ 19 ] Bug #1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio https://bugzilla.redhat.com/show_bug.cgi?id=1625469 [ 20 ] Bug #1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1625467 [ 21 ] Bug #1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1625466 [ 22 ] Bug #1628080 - CVE-2018-17459 chromium-browser: URL Spoofing in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1628080 [ 23 ] Bug #1628078 - CVE-2018-17458 chromium-browser: Function signature mismatch in WebAssembly https://bugzilla.redhat.com/show_bug.cgi?id=1628078 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-39be36e9fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------