-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1a10c04281 2019-12-18 01:52:04.721318 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 31 Version : 79.0.3945.79 Release : 1.fc31 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 10 2019 Tom Callaway spot@fedoraproject.org - 79.0.3945.79-1 - update to 79.0.3945.79 * Wed Dec 4 2019 Tom Callaway spot@fedoraproject.org - 79.0.3945.56-2 - fix lib provides filtering * Tue Dec 3 2019 Tom Callaway spot@fedoraproject.org - 79.0.3945.56-1 - update to current beta (rawhide only) - switch to upstream patch for clock_nanosleep fix * Mon Nov 25 2019 Tom Callaway spot@fedoraproject.org - 78.0.3904.108-1 - update to 78.0.3904.108 * Sun Nov 17 2019 Tom Callaway spot@fedoraproject.org - 78.0.3904.97-2 - allow clock_nanosleep through seccomp (bz #1773289) * Thu Nov 7 2019 Tom Callaway spot@fedoraproject.org - 78.0.3904.97-1 - update to 78.0.3904.97 * Fri Nov 1 2019 Tom Callaway spot@fedoraproject.org - 78.0.3904.87-1 - update to 78.0.3904.87 - apply most of the freeworld changes in PR 23/24/25 * Wed Oct 23 2019 Tom Callaway spot@fedoraproject.org - 78.0.3904.80-1 - update to 78.0.3904.80 * Wed Oct 16 2019 Tom Callaway spot@fedoraproject.org - 77.0.3865.120-4 - upstream fix for zlib symbol exports with gcc * Wed Oct 16 2019 Tom Callaway spot@fedoraproject.org - 77.0.3865.120-3 - silence outdated build noise (bz1745745) * Tue Oct 15 2019 Tom Callaway spot@fedoraproject.org - 77.0.3865.120-2 - fix node handling for EPEL-8 * Mon Oct 14 2019 Tomas Popela tpopela@redhat.com - 77.0.3865.120-1 - Update to 77.0.3865.120 * Thu Oct 10 2019 Tom Callaway spot@fedoraproject.org - 77.0.3865.90-4 - enable aarch64 for EPEL-8 * Wed Oct 9 2019 Tom Callaway spot@fedoraproject.org - 77.0.3865.90-3 - spec cleanups and changes to make EPEL8 try to build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments https://bugzilla.redhat.com/show_bug.cgi?id=1782008 [ 2 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads https://bugzilla.redhat.com/show_bug.cgi?id=1782007 [ 3 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1782006 [ 4 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials https://bugzilla.redhat.com/show_bug.cgi?id=1782005 [ 5 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1782004 [ 6 ] Bug #1782000 - CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check https://bugzilla.redhat.com/show_bug.cgi?id=1782000 [ 7 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing https://bugzilla.redhat.com/show_bug.cgi?id=1782003 [ 8 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1782002 [ 9 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1782001 [ 10 ] Bug #1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records https://bugzilla.redhat.com/show_bug.cgi?id=1781998 [ 11 ] Bug #1781999 - CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection https://bugzilla.redhat.com/show_bug.cgi?id=1781999 [ 12 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781995 [ 13 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering https://bugzilla.redhat.com/show_bug.cgi?id=1781993 [ 14 ] Bug #1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode https://bugzilla.redhat.com/show_bug.cgi?id=1781997 [ 15 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781992 [ 16 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1781994 [ 17 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio https://bugzilla.redhat.com/show_bug.cgi?id=1781991 [ 18 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1781990 [ 19 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing https://bugzilla.redhat.com/show_bug.cgi?id=1781987 [ 20 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781989 [ 21 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1781988 [ 22 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781986 [ 23 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1781985 [ 24 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1781983 [ 25 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete https://bugzilla.redhat.com/show_bug.cgi?id=1781984 [ 26 ] Bug #1781980 - CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection https://bugzilla.redhat.com/show_bug.cgi?id=1781980 [ 27 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781982 [ 28 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781981 [ 29 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio https://bugzilla.redhat.com/show_bug.cgi?id=1781979 [ 30 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781978 [ 31 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1781974 [ 32 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets https://bugzilla.redhat.com/show_bug.cgi?id=1781975 [ 33 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781976 [ 34 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets https://bugzilla.redhat.com/show_bug.cgi?id=1781977 [ 35 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth https://bugzilla.redhat.com/show_bug.cgi?id=1781973 [ 36 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies https://bugzilla.redhat.com/show_bug.cgi?id=1782021 [ 37 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1782017 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1a10c04281' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------