[SECURITY] Fedora 39 Update: chromium-117.0.5938.132-2.fc39

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-c890266d3f 2023-10-02 00:15:10.165451 --------------------------------------------------------------------------------

Name : chromium Product : Fedora 39 Version : 117.0.5938.132 Release : 2.fc39 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).

-------------------------------------------------------------------------------- Update Information:

update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 ---- Update to 117.0.5938.92. ---- update to 117.0.5938.88 ---- update to 117.0.5938.62. Fixes following security issues: CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 ---- update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863 -------------------------------------------------------------------------------- ChangeLog:

* Fri Sep 29 2023 Than Ngo than@redhat.com - 117.0.5938.132-2 - add workaround for the crash on BTI capable system * Thu Sep 28 2023 Than Ngo than@redhat.com - 117.0.5938.132-1 - update to 117.0.5938.132 - CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx. - CVE-2023-5186, use after free in Passwords. - CVE-2023-5187, use after free in Extensions. ��� * Sat Sep 23 2023 Than Ngo than@redhat.com - 117.0.5938.92-2 - backport upstream patch to fix memory leak * Fri Sep 22 2023 Than Ngo than@redhat.com - 117.0.5938.92-1 - update to 117.0.5938.92 * Sun Sep 17 2023 Than Ngo than@redhat.com - 117.0.5938.88-1 - update to 117.0.5938.88 * Wed Sep 13 2023 Than Ngo than@redhat.com - 117.0.5938.62-1 - update to 117.0.5938.62 * Tue Sep 12 2023 Than Ngo than@redhat.com - 116.0.5845.187-1 - update to 116.0.5845.187 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2238432 - CVE-2023-4863 chromium: chromium-browser: Heap buffer overflow in WebP [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2238432 [ 2 ] Bug #2238433 - CVE-2023-4863 chromium: chromium-browser: Heap buffer overflow in WebP [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2238433 [ 3 ] Bug #2238832 - CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2238832 [ 4 ] Bug #2238833 - CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2238833 [ 5 ] Bug #2239523 - chromium chrashes with SIGILL on BTI capable systems (Apple M2) https://bugzilla.redhat.com/show_bug.cgi?id=2239523 [ 6 ] Bug #2241119 - CVE-2023-5129 chromium: libwebp: out-of-bounds write with a specially crafted WebP lossless file [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241119 [ 7 ] Bug #2241120 - CVE-2023-5129 chromium: libwebp: out-of-bounds write with a specially crafted WebP lossless file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241120 [ 8 ] Bug #2241194 - CVE-2023-5186 CVE-2023-5187 CVE-2023-5217 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241194 [ 9 ] Bug #2241195 - CVE-2023-5186 CVE-2023-5187 CVE-2023-5217 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241195 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c890266d3f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------