-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-0102ccc2a2 2022-07-28 01:29:59.622167 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 35 Version : 103.0.5060.114 Release : 1.fc35 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update to 103.0.5060.114. Fixes: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 13 2022 Tom Callaway spot@fedoraproject.org - 103.0.5060.114-1 - update to 103.0.5060.114 * Wed Jun 22 2022 Tom Callaway spot@fedoraproject.org - 103.0.5060.53-1 - update to 103.0.5060.53 * Thu Jun 16 2022 Tom Callaway spot@fedoraproject.org - 102.0.5005.115-2 - fix minizip Requires for EL9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2099947 - CVE-2022-2156 chromium-browser: Use after free in Base https://bugzilla.redhat.com/show_bug.cgi?id=2099947 [ 2 ] Bug #2099948 - CVE-2022-2157 chromium-browser: Use after free in Interest groups https://bugzilla.redhat.com/show_bug.cgi?id=2099948 [ 3 ] Bug #2099949 - CVE-2022-2158 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2099949 [ 4 ] Bug #2099950 - CVE-2022-2160 chromium-browser: Insufficient policy enforcement in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2099950 [ 5 ] Bug #2099951 - CVE-2022-2161 chromium-browser: Use after free in WebApp Provider https://bugzilla.redhat.com/show_bug.cgi?id=2099951 [ 6 ] Bug #2099952 - CVE-2022-2162 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=2099952 [ 7 ] Bug #2099953 - CVE-2022-2163 chromium-browser: Use after free in Cast UI and Toolbar https://bugzilla.redhat.com/show_bug.cgi?id=2099953 [ 8 ] Bug #2099954 - CVE-2022-2164 chromium-browser: Inappropriate implementation in Extensions API https://bugzilla.redhat.com/show_bug.cgi?id=2099954 [ 9 ] Bug #2099955 - CVE-2022-2165 chromium-browser: Insufficient data validation in URL formatting https://bugzilla.redhat.com/show_bug.cgi?id=2099955 [ 10 ] Bug #2103854 - CVE-2022-2294 chromium-browser: Heap buffer overflow in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=2103854 [ 11 ] Bug #2103855 - CVE-2022-2295 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2103855 [ 12 ] Bug #2103856 - CVE-2022-2296 chromium-browser: Use after free in Chrome OS Shell https://bugzilla.redhat.com/show_bug.cgi?id=2103856 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-0102ccc2a2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org