-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-49b52819a4 2022-03-14 22:25:14.381987 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 34 Version : 99.0.4844.51 Release : 1.fc34 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
Update Chromium to 99.0.4844.51. Fixes, well, a LOT of security bugs. Sorry about that. CVE-2021-22570 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 5 2022 Tom Callaway spot@fedoraproject.org - 99.0.4844.5-1 - update to 99.0.4844.5 * Fri Feb 25 2022 Tom Callaway spot@fedoraproject.org - 98.0.4758.102-1 - update to 98.0.4758.102 - fix build issue with subzero and gcc12 * Tue Feb 8 2022 Tom Callaway spot@fedoraproject.org - 98.0.4758.80-1 - update to 98.0.4758.80 * Sat Feb 5 2022 Jiri Vanek jvanek@redhat.com - 96.0.4664.110-9 - Rebuilt for java-17-openjdk as system jdk * Wed Jan 19 2022 Fedora Release Engineering releng@fedoraproject.org - 96.0.4664.110-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jan 5 2022 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-7 - i hate regex. trying again * Tue Jan 4 2022 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-6 - always filter provides, was previously inside conditional for shared builds * Mon Jan 3 2022 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-5 - fix provides filtering to be more inclusive (and work properly) * Thu Dec 30 2021 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-4 - package up more swiftshader/angle stuff - move swiftshader files to -common so headless can use them -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2037457 - CVE-2022-0096 chromium-browser: Use after free in Storage https://bugzilla.redhat.com/show_bug.cgi?id=2037457 [ 2 ] Bug #2037458 - CVE-2022-0097 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2037458 [ 3 ] Bug #2037459 - CVE-2022-0098 chromium-browser: Use after free in Screen Capture https://bugzilla.redhat.com/show_bug.cgi?id=2037459 [ 4 ] Bug #2037460 - CVE-2022-0099 chromium-browser: Use after free in Sign-in https://bugzilla.redhat.com/show_bug.cgi?id=2037460 [ 5 ] Bug #2037461 - CVE-2022-0100 chromium-browser: Heap buffer overflow in Media streams API https://bugzilla.redhat.com/show_bug.cgi?id=2037461 [ 6 ] Bug #2037462 - CVE-2022-0101 chromium-browser: Heap buffer overflow in Bookmarks https://bugzilla.redhat.com/show_bug.cgi?id=2037462 [ 7 ] Bug #2037463 - CVE-2022-0102 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2037463 [ 8 ] Bug #2037464 - CVE-2022-0103 chromium-browser: Use after free in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=2037464 [ 9 ] Bug #2037465 - CVE-2022-0104 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2037465 [ 10 ] Bug #2037466 - CVE-2022-0105 chromium-browser: Use after free in PDF https://bugzilla.redhat.com/show_bug.cgi?id=2037466 [ 11 ] Bug #2037467 - CVE-2022-0106 chromium-browser: Use after free in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037467 [ 12 ] Bug #2037468 - CVE-2022-0107 chromium-browser: Use after free in File Manager API https://bugzilla.redhat.com/show_bug.cgi?id=2037468 [ 13 ] Bug #2037469 - CVE-2022-0108 chromium-browser: Inappropriate implementation in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=2037469 [ 14 ] Bug #2037470 - CVE-2022-0109 chromium-browser: Inappropriate implementation in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037470 [ 15 ] Bug #2037471 - CVE-2022-0110 chromium-browser: Incorrect security UI in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037471 [ 16 ] Bug #2037472 - CVE-2022-0111 chromium-browser: Inappropriate implementation in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=2037472 [ 17 ] Bug #2037473 - CVE-2022-0112 chromium-browser: Incorrect security UI in Browser UI https://bugzilla.redhat.com/show_bug.cgi?id=2037473 [ 18 ] Bug #2037474 - CVE-2022-0113 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=2037474 [ 19 ] Bug #2037475 - CVE-2022-0114 chromium-browser: Out of bounds memory access in Web Serial https://bugzilla.redhat.com/show_bug.cgi?id=2037475 [ 20 ] Bug #2037476 - CVE-2022-0115 chromium-browser: Uninitialized Use in File API https://bugzilla.redhat.com/show_bug.cgi?id=2037476 [ 21 ] Bug #2037477 - CVE-2022-0116 chromium-browser: Inappropriate implementation in Compositing https://bugzilla.redhat.com/show_bug.cgi?id=2037477 [ 22 ] Bug #2037478 - CVE-2022-0117 chromium-browser: Policy bypass in Service Workers https://bugzilla.redhat.com/show_bug.cgi?id=2037478 [ 23 ] Bug #2037479 - CVE-2022-0118 chromium-browser: Inappropriate implementation in WebShare https://bugzilla.redhat.com/show_bug.cgi?id=2037479 [ 24 ] Bug #2037480 - CVE-2022-0120 chromium-browser: Inappropriate implementation in Passwords https://bugzilla.redhat.com/show_bug.cgi?id=2037480 [ 25 ] Bug #2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference https://bugzilla.redhat.com/show_bug.cgi?id=2049429 [ 26 ] Bug #2059898 - CVE-2022-0789 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2059898 [ 27 ] Bug #2059900 - CVE-2022-0791 chromium-browser: Use after free in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=2059900 [ 28 ] Bug #2059901 - CVE-2022-0792 chromium-browser: Out of bounds read in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2059901 [ 29 ] Bug #2059902 - CVE-2022-0793 chromium-browser: Use after free in Views https://bugzilla.redhat.com/show_bug.cgi?id=2059902 [ 30 ] Bug #2059905 - CVE-2022-0796 chromium-browser: Use after free in Media https://bugzilla.redhat.com/show_bug.cgi?id=2059905 [ 31 ] Bug #2059910 - CVE-2022-0801 chromium-browser: Inappropriate implementation in HTML parser https://bugzilla.redhat.com/show_bug.cgi?id=2059910 [ 32 ] Bug #2059911 - CVE-2022-0802 chromium-browser: Inappropriate implementation in Full screen mode https://bugzilla.redhat.com/show_bug.cgi?id=2059911 [ 33 ] Bug #2059912 - CVE-2022-0803 chromium-browser: Inappropriate implementation in Permissions https://bugzilla.redhat.com/show_bug.cgi?id=2059912 [ 34 ] Bug #2059913 - CVE-2022-0804 chromium-browser: Inappropriate implementation in Full screen mode https://bugzilla.redhat.com/show_bug.cgi?id=2059913 [ 35 ] Bug #2059914 - CVE-2022-0805 chromium-browser: Use after free in Browser Switcher https://bugzilla.redhat.com/show_bug.cgi?id=2059914 [ 36 ] Bug #2059915 - CVE-2022-0806 chromium-browser: Data leak in Canvas https://bugzilla.redhat.com/show_bug.cgi?id=2059915 [ 37 ] Bug #2059916 - CVE-2022-0807 chromium-browser: Inappropriate implementation in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2059916 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-49b52819a4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org