Fedora 25: 2017-dc7ce3b314 Critical: chromium-native_client Issues
fedora
May 23, 2017
Update to chromium 58
Summary
Google's "pnacl" toolchain for native client support in Chromium. Depends on
their older "nacl" toolchain, packaged separately.
Update to chromium 58. Move chrome-remote-desktop to user systemd service.
Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059,
CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064,
CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
[ 1 ] Bug #1443850 - CVE-2017-5069 chromium-browser: cross-origin bypass in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1443850
[ 2 ] Bug #1443849 - CVE-2017-5067 chromium-browser: url spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1443849
[ 3 ] Bug #1443848 - CVE-2017-5066 chromium-browser: incorrect signature handing in networking
https://bugzilla.redhat.com/show_bug.cgi?id=1443848
[ 4 ] Bug #1443847 - CVE-2017-5065 chromium-browser: incorrect ui in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1443847
[ 5 ] Bug #1443845 - CVE-2017-5064 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1443845
[ 6 ] Bug #1443841 - CVE-2017-5063 chromium-browser: heap overflow in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1443841
[ 7 ] Bug #1443840 - CVE-2017-5062 chromium-browser: use after free in chrome apps
https://bugzilla.redhat.com/show_bug.cgi?id=1443840
[ 8 ] Bug #1443839 - CVE-2017-5061 chromium-browser: url spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1443839
[ 9 ] Bug #1443838 - CVE-2017-5060 chromium-browser: url spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1443838
[ 10 ] Bug #1443837 - CVE-2017-5059 chromium-browser: type confusion in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1443837
[ 11 ] Bug #1443836 - CVE-2017-5058 chromium-browser: heap use after free in print preview
https://bugzilla.redhat.com/show_bug.cgi?id=1443836
[ 12 ] Bug #1443835 - CVE-2017-5057 chromium-browser: type confusion in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1443835
[ 13 ] Bug #1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc
https://bugzilla.redhat.com/show_bug.cgi?id=1448031
su -c 'dnf upgrade chromium-native_client' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 25
Version: 58.0.3029.81
Release: 1.20170421gitc948e9b.fc25
Summary: Google Native Client Toolchain
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!