Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Fedora 26: 2017-f79ae2b96f Critical: Chromium Security Issues

fedora
Calendar Grey August 19, 2017
Dist Fedora Esm H88
Crucial security patch for Chromium on Fedora 26 tackling several severe vulnerabilities.
Chromium 60

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Chromium 60. Security fix for CVE-2017-5091, CVE-2017-5092, CVE-2017-5093,

CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098,

CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103,

CVE-2017-5104, CVE-2017-7000, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107,

CVE-2017-5108, CVE-2017-5109, CVE-2017-5110. New subpackage -headless.

[ 1 ] Bug #1475213 - CVE-2017-5110 chromium-browser: ui spoofing in payments dialog

https://bugzilla.redhat.com/show_bug.cgi?id=1475213

[ 2 ] Bug #1475212 - CVE-2017-5109 chromium-browser: ui spoofing in browser

https://bugzilla.redhat.com/show_bug.cgi?id=1475212

[ 3 ] Bug #1475211 - CVE-2017-5108 chromium-browser: type confusion in pdfium

https://bugzilla.redhat.com/show_bug.cgi?id=1475211

[ 4 ] Bug #1475210 - CVE-2017-5107 chromium-browser: user information leak via svg

https://bugzilla.redhat.com/show_bug.cgi?id=1475210

[ 5 ] Bug #1475209 - CVE-2017-5106 chromium-browser: url spoofing in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1475209

[ 6 ] Bug #1475208 - CVE-2017-5105 chromium-browser: url spoofing in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1475208

[ 7 ] Bug #1475207 - CVE-2017-7000 chromium-browser: pointer disclosure in sqlite

https://bugzilla.redhat.com/show_bug.cgi?id=1475207

[ 8 ] Bug #1475206 - CVE-2017-5104 chromium-browser: ui spoofing in browser

https://bugzilla.redhat.com/show_bug.cgi?id=1475206

[ 9 ] Bug #1475205 - CVE-2017-5103 chromium-browser: uninitialized use in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1475205

[ 10 ] Bug #1475204 - CVE-2017-5102 chromium-browser: uninitialized use in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1475204

[ 11 ] Bug #1475203 - CVE-2017-5101 chromium-browser: url spoofing in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1475203

[ 12 ] Bug #1475202 - CVE-2017-5100 chromium-browser: use after free in chrome apps

https://bugzilla.redhat.com/show_bug.cgi?id=1475202

[ 13 ] Bug #1475201 - CVE-2017-5099 chromium-browser: out-of-bounds write in ppapi

https://bugzilla.redhat.com/show_bug.cgi?id=1475201

[ 14 ] Bug #1475200 - CVE-2017-5098 chromium-browser: use after free in v8

https://bugzilla.redhat.com/show_bug.cgi?id=1475200

[ 15 ] Bug #1475199 - CVE-2017-5097 chromium-browser: out-of-bounds read in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1475199

[ 16 ] Bug #1475198 - CVE-2017-5096 chromium-browser: user information leak via android intents

https://bugzilla.redhat.com/show_bug.cgi?id=1475198

[ 17 ] Bug #1475197 - CVE-2017-5095 chromium-browser: out-of-bounds write in pdfium

https://bugzilla.redhat.com/show_bug.cgi?id=1475197

[ 18 ] Bug #1475196 - CVE-2017-5094 chromium-browser: type confusion in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1475196

[ 19 ] Bug #1475195 - CVE-2017-5093 chromium-browser: ui spoofing in blink

https://bugzilla.redhat.com/show_bug.cgi?id=1475195

[ 20 ] Bug #1475194 - CVE-2017-5092 chromium-browser: use after free in ppapi

https://bugzilla.redhat.com/show_bug.cgi?id=1475194

[ 21 ] Bug #1475193 - CVE-2017-5091 chromium-browser: use after free in indexeddb

https://bugzilla.redhat.com/show_bug.cgi?id=1475193

su -c 'dnf upgrade chromium' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 60.0.3112.90
Release: 1.fc26
Summary: A WebKit (Blink) powered web browser

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.