-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-561eae4626 2019-03-25 06:03:54.829925 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 29 Version : 73.0.3683.75 Release : 2.fc29 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to 73.0.3683.75. Fixes large bucket of CVEs. CVE-2019-5754 CVE-2019-5782 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 19 2019 Tom Callaway spot@fedoraproject.org - 73.0.3683.75-2 - do not include pyproto/protoc files in package * Tue Mar 12 2019 Tom Callaway spot@fedoraproject.org - 73.0.3683.75-1 - update to 73.0.3683.75 * Sat Mar 9 2019 Tom Callaway spot@fedoraproject.org - 72.0.3626.121-1 - update to 72.0.3626.121 * Tue Feb 26 2019 Tom Callaway spot@fedoraproject.org - 71.0.3578.98-5 - rebuild for libva api change * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 71.0.3578.98-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 21 2019 Tom Callaway spot@fedoraproject.org - 71.0.3578.98-3 - rebuild with widevine fix * Tue Jan 8 2019 Tom Callaway spot@fedoraproject.org - 71.0.3578.98-2 - drop rsp clobber, which breaks gcc9 (thanks to Jeff Law) * Fri Dec 14 2018 Tom Callaway spot@fedoraproject.org - 71.0.3578.98-1 - update to 71.0.3578.98 * Tue Nov 27 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.110-2 - enable vaapi support (thanks to Akarshan Biswas for doing the hard work here) * Mon Nov 26 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.110-1 - update to .110 * Wed Nov 7 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-4 - fix library requires filtering * Tue Nov 6 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-3 - fix build with harfbuzz2 in rawhide * Mon Nov 5 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-2 - drop jumbo_file_merge_limit to 8 to (hopefully) avoid OOMs on aarch64 * Fri Nov 2 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.77-1 - .77 came out while I was working on this. :/ * Fri Nov 2 2018 Tom Callaway spot@fedoraproject.org - 70.0.3538.67-1 - update to 70 * Tue Oct 16 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.100-2 - do not play with fonts on freeworld builds * Thu Oct 4 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.100-1 - update to 69.0.3497.100 * Wed Sep 12 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.92-1 - update to 69.0.3497.92 * Wed Sep 5 2018 Tom Callaway spot@fedoraproject.org - 69.0.3497.81-1 - update to 69.0.3497.81 * Tue Aug 28 2018 Patrik Novotn�� panovotn@redhat.com - 68.0.3440.106-4 - change requires to minizip-compat(-devel), rhbz#1609830, rhbz#1615381 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688206 - CVE-2019-5804 chromium-browser: Command line command injection on Windows https://bugzilla.redhat.com/show_bug.cgi?id=1688206 [ 2 ] Bug #1688205 - CVE-2019-5803 chromium-browser: CSP bypass with Javascript URLs' https://bugzilla.redhat.com/show_bug.cgi?id=1688205 [ 3 ] Bug #1688204 - CVE-2019-5802 chromium-browser: Security UI spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1688204 [ 4 ] Bug #1688203 - CVE-2019-5801 chromium-browser: Incorrect Omnibox display on iOS https://bugzilla.redhat.com/show_bug.cgi?id=1688203 [ 5 ] Bug #1688202 - CVE-2019-5800 chromium-browser: CSP bypass with blob URL https://bugzilla.redhat.com/show_bug.cgi?id=1688202 [ 6 ] Bug #1688201 - CVE-2019-5799 chromium-browser: CSP bypass with blob URL https://bugzilla.redhat.com/show_bug.cgi?id=1688201 [ 7 ] Bug #1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1688200 [ 8 ] Bug #1688199 - CVE-2019-5797 chromium-browser: Race condition in DOMStorage https://bugzilla.redhat.com/show_bug.cgi?id=1688199 [ 9 ] Bug #1688198 - CVE-2019-5796 chromium-browser: Race condition in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=1688198 [ 10 ] Bug #1688197 - CVE-2019-5795 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1688197 [ 11 ] Bug #1688196 - CVE-2019-5794 chromium-browser: Security UI spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1688196 [ 12 ] Bug #1688195 - CVE-2019-5793 chromium-browser: Excessive permissions for private API in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=1688195 [ 13 ] Bug #1688194 - CVE-2019-5792 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1688194 [ 14 ] Bug #1688193 - CVE-2019-5791 chromium-browser: Type confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1688193 [ 15 ] Bug #1688192 - CVE-2019-5790 chromium-browser: Heap buffer overflow in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1688192 [ 16 ] Bug #1688191 - CVE-2019-5789 chromium-browser: Use after free in WebMIDI https://bugzilla.redhat.com/show_bug.cgi?id=1688191 [ 17 ] Bug #1688190 - CVE-2019-5788 chromium-browser: Use after free in FileAPI https://bugzilla.redhat.com/show_bug.cgi?id=1688190 [ 18 ] Bug #1688189 - CVE-2019-5787 chromium-browser: Use after free in Canvas https://bugzilla.redhat.com/show_bug.cgi?id=1688189 [ 19 ] Bug #1685162 - CVE-2019-5786 chromium-browser: Use-after-free in FileReader https://bugzilla.redhat.com/show_bug.cgi?id=1685162 [ 20 ] Bug #1676527 - CVE-2019-5784 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1676527 [ 21 ] Bug #1670764 - CVE-2019-5780 chromium-browser: Insufficient policy enforcement https://bugzilla.redhat.com/show_bug.cgi?id=1670764 [ 22 ] Bug #1670763 - CVE-2019-5779 chromium-browser: Insufficient policy enforcement in ServiceWorker https://bugzilla.redhat.com/show_bug.cgi?id=1670763 [ 23 ] Bug #1670762 - CVE-2019-5778 chromium-browser: Insufficient policy enforcement in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=1670762 [ 24 ] Bug #1670761 - CVE-2019-5777 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1670761 [ 25 ] Bug #1670760 - CVE-2019-5776 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1670760 [ 26 ] Bug #1670759 - CVE-2019-5775 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1670759 [ 27 ] Bug #1670758 - CVE-2019-5774 chromium-browser: Insufficient validation of untrusted input in SafeBrowsing https://bugzilla.redhat.com/show_bug.cgi?id=1670758 [ 28 ] Bug #1670757 - CVE-2019-5773 chromium-browser: Insufficient data validation in IndexedDB https://bugzilla.redhat.com/show_bug.cgi?id=1670757 [ 29 ] Bug #1670756 - CVE-2019-5772 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1670756 [ 30 ] Bug #1670755 - CVE-2019-5771 chromium-browser: Heap buffer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1670755 [ 31 ] Bug #1670754 - CVE-2019-5770 chromium-browser: Heap buffer overflow in WebGL https://bugzilla.redhat.com/show_bug.cgi?id=1670754 [ 32 ] Bug #1670753 - CVE-2019-5769 chromium-browser: Insufficient validation of untrusted input in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1670753 [ 33 ] Bug #1670752 - CVE-2019-5768 chromium-browser: Insufficient policy enforcement in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1670752 [ 34 ] Bug #1670751 - CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs https://bugzilla.redhat.com/show_bug.cgi?id=1670751 [ 35 ] Bug #1670750 - CVE-2019-5766 chromium-browser: Insufficient policy enforcement in Canvas https://bugzilla.redhat.com/show_bug.cgi?id=1670750 [ 36 ] Bug #1670749 - CVE-2019-5765 chromium-browser: Insufficient policy enforcement in the browser https://bugzilla.redhat.com/show_bug.cgi?id=1670749 [ 37 ] Bug #1670748 - CVE-2019-5764 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1670748 [ 38 ] Bug #1670747 - CVE-2019-5763 chromium-browser: Insufficient validation of untrusted input in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1670747 [ 39 ] Bug #1670746 - CVE-2019-5762 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1670746 [ 40 ] Bug #1670745 - CVE-2019-5761 chromium-browser: Use after free in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1670745 [ 41 ] Bug #1670744 - CVE-2019-5760 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1670744 [ 42 ] Bug #1670743 - CVE-2019-5759 chromium-browser: Use after free in HTML select elements https://bugzilla.redhat.com/show_bug.cgi?id=1670743 [ 43 ] Bug #1670742 - CVE-2019-5758 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1670742 [ 44 ] Bug #1670741 - CVE-2019-5757 chromium-browser: Type Confusion in SVG https://bugzilla.redhat.com/show_bug.cgi?id=1670741 [ 45 ] Bug #1670740 - CVE-2019-5756 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1670740 [ 46 ] Bug #1670739 - CVE-2019-5755 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1670739 [ 47 ] Bug #1670738 - CVE-2019-5782 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1670738 [ 48 ] Bug #1670737 - CVE-2019-5754 chromium-browser: Inappropriate implementation in QUIC Networking https://bugzilla.redhat.com/show_bug.cgi?id=1670737 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-561eae4626' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------