[SECURITY] Fedora 28 Update: chromium-71.0.3578.98-1.fc28

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-348547a32d 2019-01-16 01:41:55.187883 --------------------------------------------------------------------------------

Name : chromium Product : Fedora 28 Version : 71.0.3578.98 Release : 1.fc28 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).

-------------------------------------------------------------------------------- Update Information:

Update to Chromium 71. Fixes CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 14 2018 Tom Callaway spot@fedoraproject.org - 71.0.3578.98-1 - update to 71.0.3578.98 * Tue Nov 27 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.110-2 - enable vaapi support (thanks to Akarshan Biswas for doing the hard work here) * Mon Nov 26 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.110-1 - update to .110 * Wed Nov 7 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-4 - fix library requires filtering * Tue Nov 6 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-3 - fix build with harfbuzz2 in rawhide * Mon Nov 5 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-2 - drop jumbo_file_merge_limit to 8 to (hopefully) avoid OOMs on aarch64 * Fri Nov 2 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-1 - .77 came out while I was working on this. :/ * Fri Nov 2 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.67-1 - update to 70 * Tue Oct 16 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.100-2 - do not play with fonts on freeworld builds * Thu Oct 4 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.100-1 - update to 69.0.3497.100 * Wed Sep 12 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.92-1 - update to 69.0.3497.92 * Wed Sep 5 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.81-1 - update to 69.0.3497.81 * Tue Aug 28 2018 Patrik Novotn�� panovotn@redhat.com - 68.0.3440.106-4 - change requires to minizip-compat(-devel), rhbz#1609830, rhbz#1615381 * Sun Aug 19 2018 Tom Callaway spot@fedoraproject.org - 68.0.3440.106-3 - fix library filters * Fri Aug 17 2018 Tom Callaway spot@fedoraproject.org - 68.0.3440.106-2 - fix error with defaulting on redeclaration * Thu Aug 9 2018 Tom Callaway spot@fedoraproject.org - 68.0.3440.106-1 - update to 68.0.3440.106 * Wed Aug 8 2018 Tom Callaway spot@fedoraproject.org - 68.0.3440.84-1 - update to 68.0.3440.84 * Mon Jul 30 2018 Tom Callaway spot@fedoraproject.org - 68.0.3440.75-1 - update to 68.0.3440.75 * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 67.0.3396.99-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jul 9 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.99-1 - update to 67.0.3396.99 * Mon Jun 25 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.87-2 - add "Fedora" to the user agent string * Tue Jun 19 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.87-1 - update to 67.0.3396.87 * Thu Jun 7 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.79-1 - update to 67.0.3396.79 * Wed Jun 6 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.62-2 - work around bug in RHEL7 python exec * Wed May 30 2018 Tom Callaway spot@fedoraproject.org 67.0.3396.62-1 - 67 releases of chromium on the wall... * Tue May 29 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.181-3 - also filter out fontconfig on epel7 * Wed May 23 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.181-2 - fix missing files * Mon May 21 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.181-1 - update to 66.0.3359.181 * Tue May 15 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.170-2 - only x86_64 i686 have swiftshader - fix gcc8 alignof issue on i686 * Mon May 14 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.170-1 - update to 66.0.3359.170 - include swiftshader files * Tue May 1 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.139-1 - update to 66.0.3359.139 * Wed Apr 18 2018 Tom Callaway spot@fedoraproject.org 66.0.3359.117-1 - update to 66.0.3359.117 * Tue Apr 17 2018 Tom Callaway spot@fedoraproject.org 65.0.3325.181-3 - use system fontconfig (except on epel7) * Wed Apr 4 2018 Tom Callaway spot@fedoraproject.org 65.0.3325.181-2 - add explicit dependency on minizip (bz 1534282) * Wed Mar 28 2018 Tom Callaway spot@fedoraproject.org - check that there is no system 'google' module, shadowing bundled ones - conditionalize api keys (on by default) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1656547 - CVE-2018-17480 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1656547 [ 2 ] Bug #1656548 - CVE-2018-17481 chromium-browser: Use after frees in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1656548 [ 3 ] Bug #1656549 - CVE-2018-18335 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1656549 [ 4 ] Bug #1656550 - CVE-2018-18336 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1656550 [ 5 ] Bug #1656551 - CVE-2018-18337 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1656551 [ 6 ] Bug #1656552 - CVE-2018-18338 chromium-browser: Heap buffer overflow in Canvas https://bugzilla.redhat.com/show_bug.cgi?id=1656552 [ 7 ] Bug #1656553 - CVE-2018-18339 chromium-browser: Use after free in WebAudio https://bugzilla.redhat.com/show_bug.cgi?id=1656553 [ 8 ] Bug #1656554 - CVE-2018-18340 chromium-browser: Use after free in MediaRecorder https://bugzilla.redhat.com/show_bug.cgi?id=1656554 [ 9 ] Bug #1656555 - CVE-2018-18341 chromium-browser: Heap buffer overflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1656555 [ 10 ] Bug #1656556 - CVE-2018-18342 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1656556 [ 11 ] Bug #1656557 - CVE-2018-18343 chromium-browser: Use after free in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1656557 [ 12 ] Bug #1656558 - CVE-2018-18344 chromium-browser: Inappropriate implementation in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=1656558 [ 13 ] Bug #1656559 - CVE-2018-18345 chromium-browser: Inappropriate implementation in Site Isolation https://bugzilla.redhat.com/show_bug.cgi?id=1656559 [ 14 ] Bug #1656560 - CVE-2018-18346 chromium-browser: Incorrect security UI in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1656560 [ 15 ] Bug #1656561 - CVE-2018-18347 chromium-browser: Inappropriate implementation in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=1656561 [ 16 ] Bug #1656562 - CVE-2018-18348 chromium-browser: Inappropriate implementation in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1656562 [ 17 ] Bug #1656563 - CVE-2018-18349 chromium-browser: Insufficient policy enforcement in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1656563 [ 18 ] Bug #1656564 - CVE-2018-18350 chromium-browser: Insufficient policy enforcement in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1656564 [ 19 ] Bug #1656565 - CVE-2018-18351 chromium-browser: Insufficient policy enforcement in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=1656565 [ 20 ] Bug #1656566 - CVE-2018-18352 chromium-browser: Inappropriate implementation in Media https://bugzilla.redhat.com/show_bug.cgi?id=1656566 [ 21 ] Bug #1656567 - CVE-2018-18353 chromium-browser: Inappropriate implementation in Network Authentication https://bugzilla.redhat.com/show_bug.cgi?id=1656567 [ 22 ] Bug #1656568 - CVE-2018-18354 chromium-browser: Insufficient data validation in Shell Integration https://bugzilla.redhat.com/show_bug.cgi?id=1656568 [ 23 ] Bug #1656569 - CVE-2018-18355 chromium-browser: Insufficient policy enforcement in URL Formatter https://bugzilla.redhat.com/show_bug.cgi?id=1656569 [ 24 ] Bug #1656570 - CVE-2018-18356 chromium-browser: Use after free in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1656570 [ 25 ] Bug #1656571 - CVE-2018-18357 chromium-browser: Insufficient policy enforcement in URL Formatter https://bugzilla.redhat.com/show_bug.cgi?id=1656571 [ 26 ] Bug #1656572 - CVE-2018-18358 chromium-browser: Insufficient policy enforcement in Proxy https://bugzilla.redhat.com/show_bug.cgi?id=1656572 [ 27 ] Bug #1656573 - CVE-2018-18359 chromium-browser: Out of bounds read in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1656573 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-348547a32d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------