-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-d2b54d5a9d 2024-06-21 12:35:44.241297 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 40 Version : 126.0.6478.114 Release : 1.fc40 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink).
-------------------------------------------------------------------------------- Update Information:
update to 126.0.6478.114 High CVE-2024-6100: Type Confusion in V8 High CVE-2024-6101: Inappropriate implementation in WebAssembly High CVE-2024-6102: Out of bounds memory access in Dawn High CVE-2024-6103: Use after free in Dawn -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 Than Ngo than@redhat.com - 126.0.6478.114-1 - update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High CVE-2024-6102: Out of bounds memory access in Dawn * High CVE-2024-6103: Use after free in Dawn -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2292399 - CVE-2024-5171 chromium: libaom: Integer overflow in internal function��img_alloc_helper [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292399 [ 2 ] Bug #2292403 - CVE-2024-5171 chromium: libaom: Integer overflow in internal function��img_alloc_helper [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292403 [ 3 ] Bug #2292998 - 126.0.6478.114 available, fixing four High CVEs https://bugzilla.redhat.com/show_bug.cgi?id=2292998 [ 4 ] Bug #2293008 - CVE-2024-6100 CVE-2024-6101 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293008 [ 5 ] Bug #2293012 - CVE-2024-6102 chromium: chromium-browser: out of bounds memory access in Dawn [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293012 [ 6 ] Bug #2293015 - CVE-2024-6103 chromium: chromium-browser: use after free in Dawn [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293015 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d2b54d5a9d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org