Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 30: 2019-8fb8240d14 Critical: Chromium Buffer Overflow Issues

fedora
Calendar Grey June 30, 2019
Dist Fedora Esm H88
Resolves various problems in Chromium following the Fedora 30 update, addressing severe crashes and vulnerabilities tied to buffer handling.
Update to Chromium 75.0.3770.100

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi

support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806

CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811

CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819

CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825

CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830

CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835

CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840

CVE-2019-5842

* Tue Jun 25 2019 Tom Callaway - 75.0.3770.100-2

- fix v8 compile with gcc

* Thu Jun 20 2019 Tom Callaway - 75.0.3770.100-1

- update to 75.0.3770.100

* Fri Jun 14 2019 Tom Callaway - 75.0.3770.90-1

- update to 75.0.3770.90

* Wed Jun 5 2019 Tom Callaway - 75.0.3770.80-1

- update to 75.0.3770.80

- disable vaapi (via conditional), too broken

* Fri May 31 2019 Tom Callaway - 74.0.3729.169-1

- update to 74.0.3729.169

* Thu Apr 11 2019 Tom Callaway - 73.0.3683.103-1

- update to 73.0.3683.103

- add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change

[ 1 ] Bug #1720544 - CVE-2019-5842 chromium-browser: Use-after-free in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=1720544

[ 2 ] Bug #1718269 - CVE-2019-5840 chromium-browser: Popup blocker bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1718269

[ 3 ] Bug #1718268 - CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=1718268

[ 4 ] Bug #1718267 - CVE-2019-5838 chromium-browser: Overly permissive tab access in Extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1718267

[ 5 ] Bug #1718266 - CVE-2019-5837 chromium-browser: Cross-origin resources size disclosure in Appcache

https://bugzilla.redhat.com/show_bug.cgi?id=1718266

[ 6 ] Bug #1718264 - CVE-2019-5836 chromium-browser: Heap buffer overflow in Angle

https://bugzilla.redhat.com/show_bug.cgi?id=1718264

[ 7 ] Bug #1718263 - CVE-2019-5835 chromium-browser: Out of bounds read in Swiftshader

https://bugzilla.redhat.com/show_bug.cgi?id=1718263

[ 8 ] Bug #1718262 - CVE-2019-5834 chromium-browser: URL spoof in Omnibox on iOS

https://bugzilla.redhat.com/show_bug.cgi?id=1718262

[ 9 ] Bug #1718261 - CVE-2019-5833 chromium-browser: Inconsistent security UI placement

https://bugzilla.redhat.com/show_bug.cgi?id=1718261

[ 10 ] Bug #1718260 - CVE-2019-5832 chromium-browser: Incorrect CORS handling in XHR

https://bugzilla.redhat.com/show_bug.cgi?id=1718260

[ 11 ] Bug #1718259 - CVE-2019-5831 chromium-browser: Incorrect map processing in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1718259

[ 12 ] Bug #1718258 - CVE-2019-5830 chromium-browser: Incorrectly credentialed requests in CORS

https://bugzilla.redhat.com/show_bug.cgi?id=1718258

[ 13 ] Bug #1718257 - CVE-2019-5829 chromium-browser: Use after free in Download Manager

https://bugzilla.redhat.com/show_bug.cgi?id=1718257

[ 14 ] Bug #1718256 - CVE-2019-5828 chromium-browser: Use after free in ServiceWorker

https://bugzilla.redhat.com/show_bug.cgi?id=1718256

[ 15 ] Bug #1706805 - CVE-2019-5827 chromium-browser: out-of-bounds access in SQLite

https://bugzilla.redhat.com/show_bug.cgi?id=1706805

[ 16 ] Bug #1706812 - CVE-2019-5824 chromium-browser: parameter passing error in media player leading to unauthorized access

https://bugzilla.redhat.com/show_bug.cgi?id=1706812

[ 17 ] Bug #1707248 - CVE-2019-5826 chromium-browser: Use-after-free in IndexedDB

https://bugzilla.redhat.com/show_bug.cgi?id=1707248

[ 18 ] Bug #1707247 - CVE-2019-5825 chromium-browser: Out-of-bounds write in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1707247

su -c 'dnf upgrade --advisory FEDORA-2019-8fb8240d14' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora chromium use after free invalid memory access

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 75.0.3770.100
Release: 2.fc30
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora chromium use after free invalid memory access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here