-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-a815b7bf5d 2016-12-15 23:54:29.139054 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 25 Version : 55.0.2883.87 Release : 1.fc25 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1393734 - CVE-2016-5202 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1393734 [ 2 ] Bug #1393733 - CVE-2016-5201 chromium-browser: info leak in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1393733 [ 3 ] Bug #1393732 - CVE-2016-5200 chromium-browser: out of bounds memory access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1393732 [ 4 ] Bug #1393731 - CVE-2016-5199 chromium-browser: heap corruption in ffmpeg https://bugzilla.redhat.com/show_bug.cgi?id=1393731 [ 5 ] Bug #1400879 - CVE-2016-9652 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1400879 [ 6 ] Bug #1400878 - CVE-2016-5224 chromium-browser: same-origin bypass in svg https://bugzilla.redhat.com/show_bug.cgi?id=1400878 [ 7 ] Bug #1400877 - CVE-2016-5225 chromium-browser: csp bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400877 [ 8 ] Bug #1400876 - CVE-2016-5226 chromium-browser: limited xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400876 [ 9 ] Bug #1400875 - CVE-2016-5223 chromium-browser: integer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400875 [ 10 ] Bug #1400873 - CVE-2016-9650 chromium-browser: csp referrer disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1400873 [ 11 ] Bug #1400872 - CVE-2016-5222 chromium-browser: address spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1400872 [ 12 ] Bug #1400871 - CVE-2016-5220 chromium-browser: local file access in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400871 [ 13 ] Bug #1400870 - CVE-2016-5221 chromium-browser: integer overflow in angle https://bugzilla.redhat.com/show_bug.cgi?id=1400870 [ 14 ] Bug #1400869 - CVE-2016-5219 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400869 [ 15 ] Bug #1400868 - CVE-2016-5218 chromium-browser: address spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1400868 [ 16 ] Bug #1400867 - CVE-2016-5217 chromium-browser: use of unvalidated data in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400867 [ 17 ] Bug #1400866 - CVE-2016-5215 chromium-browser: use after free in webaudio https://bugzilla.redhat.com/show_bug.cgi?id=1400866 [ 18 ] Bug #1400865 - CVE-2016-5216 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400865 [ 19 ] Bug #1400864 - CVE-2016-5214 chromium-browser: file download protection bypass https://bugzilla.redhat.com/show_bug.cgi?id=1400864 [ 20 ] Bug #1400863 - CVE-2016-5213 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400863 [ 21 ] Bug #1400862 - CVE-2016-5211 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400862 [ 22 ] Bug #1400861 - CVE-2016-5212 chromium-browser: local file disclosure in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1400861 [ 23 ] Bug #1400859 - CVE-2016-5210 chromium-browser: out of bounds write in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400859 [ 24 ] Bug #1400857 - CVE-2016-5203 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400857 [ 25 ] Bug #1400856 - CVE-2016-5209 chromium-browser: out of bounds write in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400856 [ 26 ] Bug #1400855 - CVE-2016-5204 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400855 [ 27 ] Bug #1400854 - CVE-2016-5205 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400854 [ 28 ] Bug #1400853 - CVE-2016-5206 chromium-browser: same-origin bypass in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400853 [ 29 ] Bug #1400852 - CVE-2016-5207 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400852 [ 30 ] Bug #1400851 - CVE-2016-5208 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400851 [ 31 ] Bug #1400850 - CVE-2016-9651 chromium-browser: private property access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400850 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade chromium' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------