Fedora 30: chromium FEDORA-2019-2fa7552273

    Date14 Nov 2019
    CategoryFedora
    165
    Posted ByLinuxSecurity Advisories
    Update chromium to 78.0.3904.87. Fixes CVE-2019-13720 and CVE-2019-13721 ---- Chromium 78. Fixes these: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-13691 CVE-2019-13692 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-2fa7552273
    2019-11-15 03:54:31.619838
    --------------------------------------------------------------------------------
    
    Name        : chromium
    Product     : Fedora 30
    Version     : 78.0.3904.87
    Release     : 1.fc30
    URL         : http://www.chromium.org/Home
    Summary     : A WebKit (Blink) powered web browser
    Description :
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update chromium to 78.0.3904.87. Fixes CVE-2019-13720 and CVE-2019-13721   ----
    Chromium 78.   Fixes these: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
    CVE-2019-5874 CVE-2019-5875 CVE-2019-13691 CVE-2019-13692 CVE-2019-5876
    CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881
    CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663
    CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668
    CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674
    CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679
    CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Nov  1 2019 Tom Callaway  - 78.0.3904.87-1
    - update to 78.0.3904.87
    - apply most of the freeworld changes in PR 23/24/25
    * Wed Oct 23 2019 Tom Callaway  - 78.0.3904.80-1
    - update to 78.0.3904.80
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-4
    - upstream fix for zlib symbol exports with gcc
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-3
    - silence outdated build noise (bz1745745)
    * Tue Oct 15 2019 Tom Callaway  - 77.0.3865.120-2
    - fix node handling for EPEL-8
    * Mon Oct 14 2019 Tomas Popela  - 77.0.3865.120-1
    - Update to 77.0.3865.120
    * Thu Oct 10 2019 Tom Callaway  - 77.0.3865.90-4
    - enable aarch64 for EPEL-8
    * Wed Oct  9 2019 Tom Callaway  - 77.0.3865.90-3
    - spec cleanups and changes to make EPEL8 try to build
    * Mon Sep 23 2019 Tomas Popela  - 77.0.3865.90-2
    - Fix the icon
    - Remove quite a few of downstream patches
    - Fix the crashes by backporting an upstream bug
    - Resolves: rhbz#1754179
    * Thu Sep 19 2019 Tomas Popela  - 77.0.3865.90-1
    - Update to 77.0.3865.90
    * Mon Sep 16 2019 Tomas Popela  - 77.0.3865.75-2
    - Update the list of private libraries
    * Fri Sep 13 2019 Tomas Popela  - 77.0.3865.75-1
    - Update to 77.0.3865.75
    * Tue Sep  3 2019 Tomas Popela  - 76.0.3809.132-2
    - Backport patch to fix certificate transparency
    * Tue Aug 27 2019 Tomas Popela  - 76.0.3809.132-1
    - Update to 76.0.3809.132
    * Tue Aug 13 2019 Tomas Popela  - 76.0.3809.100-1
    - Update to 76.0.3809.100
    * Wed Jul 24 2019 Fedora Release Engineering  - 75.0.3770.100-4
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
    * Tue Jul  2 2019 Tom Callaway  - 75.0.3770.100-3
    - apply upstream fix to resolve issue where it is dangerous to post a
      task with a RenderProcessHost pointer because the RenderProcessHost
      can go away before the task is run (causing a segfault).
    * Tue Jun 25 2019 Tom Callaway  - 75.0.3770.100-2
    - fix v8 compile with gcc
    * Thu Jun 20 2019 Tom Callaway  - 75.0.3770.100-1
    - update to 75.0.3770.100
    * Fri Jun 14 2019 Tom Callaway  - 75.0.3770.90-1
    - update to 75.0.3770.90
    * Wed Jun  5 2019 Tom Callaway  - 75.0.3770.80-1
    - update to 75.0.3770.80
    - disable vaapi (via conditional), too broken
    * Fri May 31 2019 Tom Callaway  - 74.0.3729.169-1
    - update to 74.0.3729.169
    * Thu Apr 11 2019 Tom Callaway  - 73.0.3683.103-1
    - update to 73.0.3683.103
    - add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1768578 - CVE-2019-13721 chromium-browser: use-after-free in PDFium
            https://bugzilla.redhat.com/show_bug.cgi?id=1768578
      [ 2 ] Bug #1768586 - CVE-2019-13720 chromium-browser: use-after-free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1768586
      [ 3 ] Bug #1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762402
      [ 4 ] Bug #1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions
            https://bugzilla.redhat.com/show_bug.cgi?id=1762401
      [ 5 ] Bug #1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers
            https://bugzilla.redhat.com/show_bug.cgi?id=1762400
      [ 6 ] Bug #1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing
            https://bugzilla.redhat.com/show_bug.cgi?id=1762399
      [ 7 ] Bug #1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing
            https://bugzilla.redhat.com/show_bug.cgi?id=1762398
      [ 8 ] Bug #1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated
            https://bugzilla.redhat.com/show_bug.cgi?id=1762397
      [ 9 ] Bug #1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning
            https://bugzilla.redhat.com/show_bug.cgi?id=1762396
      [ 10 ] Bug #1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash
            https://bugzilla.redhat.com/show_bug.cgi?id=1762395
      [ 11 ] Bug #1762394 - CVE-2019-13674 chromium-browser: IDN spoofing
            https://bugzilla.redhat.com/show_bug.cgi?id=1762394
      [ 12 ] Bug #1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools
            https://bugzilla.redhat.com/show_bug.cgi?id=1762393
      [ 13 ] Bug #1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin
            https://bugzilla.redhat.com/show_bug.cgi?id=1762392
      [ 14 ] Bug #1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex
            https://bugzilla.redhat.com/show_bug.cgi?id=1762391
      [ 15 ] Bug #1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof
            https://bugzilla.redhat.com/show_bug.cgi?id=1762390
      [ 16 ] Bug #1762389 - CVE-2019-13668 chromium-browser: Global window leak via console
            https://bugzilla.redhat.com/show_bug.cgi?id=1762389
      [ 17 ] Bug #1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs
            https://bugzilla.redhat.com/show_bug.cgi?id=1762388
      [ 18 ] Bug #1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate
            https://bugzilla.redhat.com/show_bug.cgi?id=1762387
      [ 19 ] Bug #1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762386
      [ 20 ] Bug #1762385 - CVE-2019-13664 chromium-browser: CSRF bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762385
      [ 21 ] Bug #1762384 - CVE-2019-13663 chromium-browser: IDN spoof
            https://bugzilla.redhat.com/show_bug.cgi?id=1762384
      [ 22 ] Bug #1762383 - CVE-2019-13662 chromium-browser: CSP bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762383
      [ 23 ] Bug #1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof
            https://bugzilla.redhat.com/show_bug.cgi?id=1762382
      [ 24 ] Bug #1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap
            https://bugzilla.redhat.com/show_bug.cgi?id=1762381
      [ 25 ] Bug #1762380 - CVE-2019-13659 chromium-browser: URL spoof
            https://bugzilla.redhat.com/show_bug.cgi?id=1762380
      [ 26 ] Bug #1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader
            https://bugzilla.redhat.com/show_bug.cgi?id=1762379
      [ 27 ] Bug #1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762378
      [ 28 ] Bug #1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files
            https://bugzilla.redhat.com/show_bug.cgi?id=1762377
      [ 29 ] Bug #1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1762376
      [ 30 ] Bug #1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1762375
      [ 31 ] Bug #1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media
            https://bugzilla.redhat.com/show_bug.cgi?id=1762374
      [ 32 ] Bug #1762373 - CVE-2019-13692 chromium-browser: SOP bypass
            https://bugzilla.redhat.com/show_bug.cgi?id=1762373
      [ 33 ] Bug #1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof
            https://bugzilla.redhat.com/show_bug.cgi?id=1762372
      [ 34 ] Bug #1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect
            https://bugzilla.redhat.com/show_bug.cgi?id=1762371
      [ 35 ] Bug #1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers
            https://bugzilla.redhat.com/show_bug.cgi?id=1762370
      [ 36 ] Bug #1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo
            https://bugzilla.redhat.com/show_bug.cgi?id=1762368
      [ 37 ] Bug #1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia
            https://bugzilla.redhat.com/show_bug.cgi?id=1762367
      [ 38 ] Bug #1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media
            https://bugzilla.redhat.com/show_bug.cgi?id=1762366
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-2fa7552273' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.