
Fedora 27 Update: Chromium Security Fix for Critical Bugs

November 15, 2017
Fedora 27 has released a new update to resolve various security vulnerabilities found in chromium. It's crucial to apply this update to maintain the integrity and security of your system.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Security fix for CVE-2017-15398, CVE-2017-15399.

Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127. Build switched to use gtk3.

[ 1 ] Bug #1510431 - CVE-2017-15399 chromium-browser: use after free in v8

https://bugzilla.redhat.com/show_bug.cgi?id=1510431

[ 2 ] Bug #1510429 - CVE-2017-15398 chromium-browser: stack buffer overflow in quic

https://bugzilla.redhat.com/show_bug.cgi?id=1510429

[ 3 ] Bug #1503550 - CVE-2017-15395 chromium-browser: null pointer dereference in imagecapture

https://bugzilla.redhat.com/show_bug.cgi?id=1503550

[ 4 ] Bug #1503549 - CVE-2017-15394 chromium-browser: url spoofing in extensions ui

https://bugzilla.redhat.com/show_bug.cgi?id=1503549

[ 5 ] Bug #1503548 - CVE-2017-15393 chromium-browser: referrer leak in devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1503548

[ 6 ] Bug #1503547 - CVE-2017-15392 chromium-browser: incorrect registry key handling in platformintegration

https://bugzilla.redhat.com/show_bug.cgi?id=1503547

[ 7 ] Bug #1503546 - CVE-2017-15391 chromium-browser: extension limitation bypass in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1503546

[ 8 ] Bug #1503545 - CVE-2017-15390 chromium-browser: url spoofing in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1503545

[ 9 ] Bug #1503544 - CVE-2017-15389 chromium-browser: url spoofing in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1503544

[ 10 ] Bug #1503543 - CVE-2017-15388 chromium-browser: out of bounds read in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1503543

[ 11 ] Bug #1503542 - CVE-2017-15387 chromium-browser: content security bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1503542

[ 12 ] Bug #1503540 - CVE-2017-15386 chromium-browser: ui spoofing in blink

https://bugzilla.redhat.com/show_bug.cgi?id=1503540

[ 13 ] Bug #1503539 - CVE-2017-5133 chromium-browser: out of bounds write in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1503539

[ 14 ] Bug #1503538 - CVE-2017-5131 chromium-browser: out of bounds write in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1503538

[ 15 ] Bug #1503537 - CVE-2017-5130 chromium-browser: heap overflow in libxml2

https://bugzilla.redhat.com/show_bug.cgi?id=1503537

[ 16 ] Bug #1503536 - CVE-2017-5132 chromium-browser: incorrect stack manipulation in webassembly

https://bugzilla.redhat.com/show_bug.cgi?id=1503536

[ 17 ] Bug #1503535 - CVE-2017-5129 chromium-browser: use after free in webaudio

https://bugzilla.redhat.com/show_bug.cgi?id=1503535

[ 18 ] Bug #1503534 - CVE-2017-5128 chromium-browser: heap overflow in webgl

https://bugzilla.redhat.com/show_bug.cgi?id=1503534

[ 19 ] Bug #1503533 - CVE-2017-5127 chromium-browser: use after free in pdfium

https://bugzilla.redhat.com/show_bug.cgi?id=1503533

[ 20 ] Bug #1503532 - CVE-2017-5126 chromium-browser: use after free in pdfium

https://bugzilla.redhat.com/show_bug.cgi?id=1503532

[ 21 ] Bug #1503531 - CVE-2017-5125 chromium-browser: heap overflow in skia

https://bugzilla.redhat.com/show_bug.cgi?id=1503531

[ 22 ] Bug #1503530 - CVE-2017-5124 chromium-browser: uxss with mhtml

https://bugzilla.redhat.com/show_bug.cgi?id=1503530

To apply this update, run su -c 'dnf upgrade chromium' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: Critical

Product: Fedora 27
Version: 62.0.3202.89
Release: 1.fc27
Summary: A WebKit (Blink) powered web browser
