-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-3e005ce2e0 2020-11-24 01:22:18.445344 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 32 Version : 87.0.4280.66 Release : 1.fc32 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to 87.0.4280.66. Fixes bugs and security holes. Yay! CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 ---- Update to 86.0.4240.198. Fixes the following security issues: CVE-2020-16013 CVE-2020-16016 CVE-2020-16017 ---- Update to 86.0.4240.183. Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 Also disables the very verbose output going to stdout. -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 18 2020 Tom Callaway spot@fedoraproject.org - 87.0.4280.66-1 - update to 87.0.4280.66 * Thu Nov 12 2020 Jeff Law law@fedoraproject.org - 86.0.4240.198-1 - Fix missing #inclues for gcc-11 - Fix bogus volatile caught by gcc-11 * Thu Nov 12 2020 Tom Callaway spot@fedoraproject.org - 86.0.4240.198-1 - update to 86.0.4240.198 * Tue Nov 10 2020 Tom Callaway spot@fedoraproject.org - 86.0.4240.193-1 - update to 86.0.4240.193 * Wed Nov 4 2020 Tom Callaway spot@fedoraproject.org - 86.0.4240.183-1 - update to 86.0.4240.183 * Mon Nov 2 2020 Tom Callaway spot@fedoraproject.org - 86.0.4240.111-2 - fix conditional typo that was causing console logging to be turned on -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface https://bugzilla.redhat.com/show_bug.cgi?id=1894197 [ 2 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=1894198 [ 3 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1894199 [ 4 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1894201 [ 5 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1894202 [ 6 ] Bug #1896641 - CVE-2020-16016 chromium-browser: Inappropriate implementation in base https://bugzilla.redhat.com/show_bug.cgi?id=1896641 [ 7 ] Bug #1897206 - CVE-2020-16013 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1897206 [ 8 ] Bug #1897207 - CVE-2020-16017 chromium-browser: Use after free in site isolation https://bugzilla.redhat.com/show_bug.cgi?id=1897207 [ 9 ] Bug #1899222 - CVE-2020-16018 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1899222 [ 10 ] Bug #1899223 - CVE-2020-16019 chromium-browser: Inappropriate implementation in filesystem https://bugzilla.redhat.com/show_bug.cgi?id=1899223 [ 11 ] Bug #1899224 - CVE-2020-16020 chromium-browser: Inappropriate implementation in cryptohome https://bugzilla.redhat.com/show_bug.cgi?id=1899224 [ 12 ] Bug #1899225 - CVE-2020-16021 chromium-browser: Race in ImageBurner https://bugzilla.redhat.com/show_bug.cgi?id=1899225 [ 13 ] Bug #1899226 - CVE-2020-16022 chromium-browser: Insufficient policy enforcement in networking https://bugzilla.redhat.com/show_bug.cgi?id=1899226 [ 14 ] Bug #1899227 - CVE-2020-16015 chromium-browser: Insufficient data validation in WASM https://bugzilla.redhat.com/show_bug.cgi?id=1899227 [ 15 ] Bug #1899228 - CVE-2020-16014 chromium-browser: Use after free in PPAPI https://bugzilla.redhat.com/show_bug.cgi?id=1899228 [ 16 ] Bug #1899229 - CVE-2020-16023 chromium-browser: Use after free in WebCodecs https://bugzilla.redhat.com/show_bug.cgi?id=1899229 [ 17 ] Bug #1899230 - CVE-2020-16024 chromium-browser: Heap buffer overflow in UI https://bugzilla.redhat.com/show_bug.cgi?id=1899230 [ 18 ] Bug #1899231 - CVE-2020-16025 chromium-browser: Heap buffer overflow in clipboard https://bugzilla.redhat.com/show_bug.cgi?id=1899231 [ 19 ] Bug #1899232 - CVE-2020-16026 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1899232 [ 20 ] Bug #1899233 - CVE-2020-16027 chromium-browser: Insufficient policy enforcement in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1899233 [ 21 ] Bug #1899234 - CVE-2020-16028 chromium-browser: Heap buffer overflow in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1899234 [ 22 ] Bug #1899235 - CVE-2020-16029 chromium-browser: Inappropriate implementation in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1899235 [ 23 ] Bug #1899237 - CVE-2020-16030 chromium-browser: Insufficient data validation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1899237 [ 24 ] Bug #1899239 - CVE-2019-8075 flash-plugin: Same origin policy bypass leading to information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1899239 [ 25 ] Bug #1899240 - CVE-2020-16031 chromium-browser: Incorrect security UI in tab preview https://bugzilla.redhat.com/show_bug.cgi?id=1899240 [ 26 ] Bug #1899241 - CVE-2020-16032 chromium-browser: Incorrect security UI in sharing https://bugzilla.redhat.com/show_bug.cgi?id=1899241 [ 27 ] Bug #1899242 - CVE-2020-16033 chromium-browser: Incorrect security UI in WebUSB https://bugzilla.redhat.com/show_bug.cgi?id=1899242 [ 28 ] Bug #1899243 - CVE-2020-16034 chromium-browser: Inappropriate implementation in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1899243 [ 29 ] Bug #1899244 - CVE-2020-16035 chromium-browser: Insufficient data validation in cros-disks https://bugzilla.redhat.com/show_bug.cgi?id=1899244 [ 30 ] Bug #1899245 - CVE-2020-16036 chromium-browser: Inappropriate implementation in cookies https://bugzilla.redhat.com/show_bug.cgi?id=1899245 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-3e005ce2e0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------