--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2020-0e7f1b663b
2020-05-03 04:40:20.140369
--------------------------------------------------------------------------------Name        : chromium
Product     : Fedora 30
Version     : 81.0.4044.122
Release     : 1.fc30
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------Update Information:

Another day, another chromium update. This one fixes:  CVE-2020-6458
CVE-2020-6459 CVE-2020-6460  ----  Fix dependency issue introduced when
switching from a "shared" build to a "static" build.  ----  A new major version
of Chromium without any security bugs! Just kidding. Here's the CVE list:
CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441
CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446
CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457  Oh, and this build
switches over to a static build, so the chromium-libs and chromium-libs-media
subpackages are now obsolete, but it should be slightly better for performance.
--------------------------------------------------------------------------------ChangeLog:

* Thu Apr 23 2020 Tom Callaway  - 81.0.4044.122-1
- update to 81.0.4044.122
* Tue Apr 21 2020 Tom Callaway  - 81.0.4044.113-2
- add explicit Requires: chromium-common
* Thu Apr 16 2020 Tom Callaway  - 81.0.4044.113-1
- update to 81.0.4044.113
* Mon Apr 13 2020 Tom Callaway  - 81.0.4044.92-1
- update to 81.0.4044.92
- squelch the selinux output in the post scriptlet
- add Provides/Obsoletes in case we're build with shared set to 0
- add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds either)
- do static build
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1822604
  [ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1822605
  [ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL
        https://bugzilla.redhat.com/show_bug.cgi?id=1822606
  [ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1822607
  [ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of untrusted input in clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1822608
  [ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in full screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1822609
  [ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1822610
  [ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1822611
  [ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1822612
  [ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in window management
        https://bugzilla.redhat.com/show_bug.cgi?id=1822613
  [ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in WebView
        https://bugzilla.redhat.com/show_bug.cgi?id=1822614
  [ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1822615
  [ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in navigations
        https://bugzilla.redhat.com/show_bug.cgi?id=1822616
  [ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1822617
  [ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1822618
  [ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=1822619
  [ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data validation in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1822620
  [ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1822621
  [ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy enforcement in trusted types
        https://bugzilla.redhat.com/show_bug.cgi?id=1822622
  [ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy enforcement in trusted types
        https://bugzilla.redhat.com/show_bug.cgi?id=1822623
  [ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate implementation in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1822624
  [ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1822625
  [ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in speech recognizer
        https://bugzilla.redhat.com/show_bug.cgi?id=1824949
  [ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1827379
  [ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data validation in URL formatting
        https://bugzilla.redhat.com/show_bug.cgi?id=1827380
  [ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and write in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1827381
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0e7f1b663b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 30: chromium FEDORA-2020-0e7f1b663b

May 3, 2020
Another day, another chromium update

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Another day, another chromium update. This one fixes: CVE-2020-6458

CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced when

switching from a "shared" build to a "static" build. ---- A new major version

of Chromium without any security bugs! Just kidding. Here's the CVE list:

CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456

CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436

CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441

CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446

CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457 Oh, and this build

switches over to a static build, so the chromium-libs and chromium-libs-media

subpackages are now obsolete, but it should be slightly better for performance.

* Thu Apr 23 2020 Tom Callaway - 81.0.4044.122-1

- update to 81.0.4044.122

* Tue Apr 21 2020 Tom Callaway - 81.0.4044.113-2

- add explicit Requires: chromium-common

* Thu Apr 16 2020 Tom Callaway - 81.0.4044.113-1

- update to 81.0.4044.113

* Mon Apr 13 2020 Tom Callaway - 81.0.4044.92-1

- update to 81.0.4044.92

- squelch the selinux output in the post scriptlet

- add Provides/Obsoletes in case we're build with shared set to 0

- add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds either)

- do static build

[ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822604

[ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1822605

[ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL

https://bugzilla.redhat.com/show_bug.cgi?id=1822606

[ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1822607

[ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of untrusted input in clipboard

https://bugzilla.redhat.com/show_bug.cgi?id=1822608

[ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in full screen

https://bugzilla.redhat.com/show_bug.cgi?id=1822609

[ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822610

[ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1822611

[ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822612

[ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in window management

https://bugzilla.redhat.com/show_bug.cgi?id=1822613

[ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in WebView

https://bugzilla.redhat.com/show_bug.cgi?id=1822614

[ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822615

[ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in navigations

https://bugzilla.redhat.com/show_bug.cgi?id=1822616

[ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822617

[ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1822618

[ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in cache

https://bugzilla.redhat.com/show_bug.cgi?id=1822619

[ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data validation in developer tools

https://bugzilla.redhat.com/show_bug.cgi?id=1822620

[ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in WebRTC

https://bugzilla.redhat.com/show_bug.cgi?id=1822621

[ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy enforcement in trusted types

https://bugzilla.redhat.com/show_bug.cgi?id=1822622

[ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy enforcement in trusted types

https://bugzilla.redhat.com/show_bug.cgi?id=1822623

[ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate implementation in developer tools

https://bugzilla.redhat.com/show_bug.cgi?id=1822624

[ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1822625

[ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in speech recognizer

https://bugzilla.redhat.com/show_bug.cgi?id=1824949

[ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in payments

https://bugzilla.redhat.com/show_bug.cgi?id=1827379

[ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data validation in URL formatting

https://bugzilla.redhat.com/show_bug.cgi?id=1827380

[ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and write in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1827381

su -c 'dnf upgrade --advisory FEDORA-2020-0e7f1b663b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2020-0e7f1b663b 2020-05-03 04:40:20.140369 Product : Fedora 30 Version : 81.0.4044.122 Release : 1.fc30 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). Another day, another chromium update. This one fixes: CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced when switching from a "shared" build to a "static" build. ---- A new major version of Chromium without any security bugs! Just kidding. Here's the CVE list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456 CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457 Oh, and this build switches over to a static build, so the chromium-libs and chromium-libs-media subpackages are now obsolete, but it should be slightly better for performance. * Thu Apr 23 2020 Tom Callaway - 81.0.4044.122-1 - update to 81.0.4044.122 * Tue Apr 21 2020 Tom Callaway - 81.0.4044.113-2 - add explicit Requires: chromium-common * Thu Apr 16 2020 Tom Callaway - 81.0.4044.113-1 - update to 81.0.4044.113 * Mon Apr 13 2020 Tom Callaway - 81.0.4044.92-1 - update to 81.0.4044.92 - squelch the selinux output in the post scriptlet - add Provides/Obsoletes in case we're build with shared set to 0 - add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds either) - do static build [ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1822604 [ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1822605 [ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL https://bugzilla.redhat.com/show_bug.cgi?id=1822606 [ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1822607 [ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of untrusted input in clipboard https://bugzilla.redhat.com/show_bug.cgi?id=1822608 [ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in full screen https://bugzilla.redhat.com/show_bug.cgi?id=1822609 [ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1822610 [ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1822611 [ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1822612 [ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in window management https://bugzilla.redhat.com/show_bug.cgi?id=1822613 [ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in WebView https://bugzilla.redhat.com/show_bug.cgi?id=1822614 [ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1822615 [ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in navigations https://bugzilla.redhat.com/show_bug.cgi?id=1822616 [ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1822617 [ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1822618 [ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in cache https://bugzilla.redhat.com/show_bug.cgi?id=1822619 [ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data validation in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1822620 [ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1822621 [ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy enforcement in trusted types https://bugzilla.redhat.com/show_bug.cgi?id=1822622 [ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy enforcement in trusted types https://bugzilla.redhat.com/show_bug.cgi?id=1822623 [ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate implementation in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1822624 [ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1822625 [ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in speech recognizer https://bugzilla.redhat.com/show_bug.cgi?id=1824949 [ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1827379 [ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data validation in URL formatting https://bugzilla.redhat.com/show_bug.cgi?id=1827380 [ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and write in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1827381 su -c 'dnf upgrade --advisory FEDORA-2020-0e7f1b663b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 30
Version : 81.0.4044.122
Release : 1.fc30
URL : https://www.chromium.org/Home/
Summary : A WebKit (Blink) powered web browser

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved