Fedora 26: 2017:1563-1 Critical: Chromium Address Spoofing Issues
fedora
June 26, 2017
Chromium 59
Summary
Google's "pnacl" toolchain for native client support in Chromium. Depends on
their older "nacl" toolchain, packaged separately.
Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix for
CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074,
CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,
CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083,
CVE-2017-5085
[ 1 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript execution on webui pages
https://bugzilla.redhat.com/show_bug.cgi?id=1459037
[ 2 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459036
[ 3 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening in credit card editor
https://bugzilla.redhat.com/show_bug.cgi?id=1459035
[ 4 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1459034
[ 5 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit card autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1459033
[ 6 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459032
[ 7 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command injection in mailto handling
https://bugzilla.redhat.com/show_bug.cgi?id=1459031
[ 8 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1459030
[ 9 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459029
[ 10 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459028
[ 11 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp reporting
https://bugzilla.redhat.com/show_bug.cgi?id=1459027
[ 12 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1459025
[ 13 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print preview
https://bugzilla.redhat.com/show_bug.cgi?id=1459024
[ 14 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459023
[ 15 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459022
[ 16 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459021
su -c 'dnf upgrade chromium-native_client' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 26
Version: 59.0.3071.86
Release: 1.20170607gitaac1de2.fc26
Summary: Google Native Client Toolchain
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!