--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-34f7f68029
2018-11-23 02:29:40.055213
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 29
Version : 70.0.3538.77
Release : 4.fc29
URL :
http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462
CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467
CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-5179 CVE-2018-17477
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 7 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-4
- fix library requires filtering
* Tue Nov 6 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-3
- fix build with harfbuzz2 in rawhide
* Mon Nov 5 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-2
- drop jumbo_file_merge_limit to 8 to (hopefully) avoid OOMs on aarch64
* Fri Nov 2 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-1
- .77 came out while I was working on this. :/
* Fri Nov 2 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.67-1
- update to 70
* Tue Oct 16 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.100-2
- do not play with fonts on freeworld builds
* Thu Oct 4 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.100-1
- update to 69.0.3497.100
* Wed Sep 12 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.92-1
- update to 69.0.3497.92
* Wed Sep 5 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.81-1
- update to 69.0.3497.81
* Tue Aug 28 2018 Patrik Novotn�� <panovotn(a)redhat.com> - 68.0.3440.106-4
- change requires to minizip-compat(-devel), rhbz#1609830, rhbz#1615381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1640118 - chromium-browser: Heap buffer overflow in lcms in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1640118
[ 2 ] Bug #1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1640115
[ 3 ] Bug #1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in
ServiceWorker
https://bugzilla.redhat.com/show_bug.cgi?id=1640114
[ 4 ] Bug #1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full
screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1640113
[ 5 ] Bug #1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640112
[ 6 ] Bug #1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1640111
[ 7 ] Bug #1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640110
[ 8 ] Bug #1640108 - CVE-2018-17472 chromium-browser: iframe sandbox escape on iOS
https://bugzilla.redhat.com/show_bug.cgi?id=1640108
[ 9 ] Bug #1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full
screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1640107
[ 10 ] Bug #1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU
Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1640106
[ 11 ] Bug #1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1640105
[ 12 ] Bug #1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1640104
[ 13 ] Bug #1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640103
[ 14 ] Bug #1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle
https://bugzilla.redhat.com/show_bug.cgi?id=1640102
[ 15 ] Bug #1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1640101
[ 16 ] Bug #1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640100
[ 17 ] Bug #1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1640099
[ 18 ] Bug #1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
https://bugzilla.redhat.com/show_bug.cgi?id=1640098
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-34f7f68029' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------