Fedora 30: chromium FEDORA-2020-4355ea258e

    Date 18 Jan 2020
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-4355ea258e
    2020-01-19 01:00:16.266048
    --------------------------------------------------------------------------------
    
    Name        : chromium
    Product     : Fedora 30
    Version     : 79.0.3945.117
    Release     : 1.fc30
    URL         : https://www.chromium.org/Home
    Summary     : A WebKit (Blink) powered web browser
    Description :
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to 79.0.3945.117. Fixes CVE-2020-6377.  ----  Security fix for
    CVE-2019-13767.  ----  Update to Chromium 79. Fixes the usual giant pile of bugs
    and security issues. This time, the list is:  CVE-2019-13725 CVE-2019-13726
    CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732
    CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737
    CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
    CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747
    CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752
    CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757
    CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Jan  9 2020 Tom Callaway  - 79.0.3945.117-1
    - update to 79.0.3945.117
    * Tue Dec 17 2019 Tom Callaway  - 79.0.3945.88-1
    - update to 79.0.3945.88
    * Tue Dec 10 2019 Tom Callaway  - 79.0.3945.79-1
    - update to 79.0.3945.79
    * Wed Dec  4 2019 Tom Callaway  - 79.0.3945.56-2
    - fix lib provides filtering
    * Tue Dec  3 2019 Tom Callaway  - 79.0.3945.56-1
    - update to current beta (rawhide only)
    - switch to upstream patch for clock_nanosleep fix
    * Mon Nov 25 2019 Tom Callaway  - 78.0.3904.108-1
    - update to 78.0.3904.108
    * Sun Nov 17 2019 Tom Callaway  - 78.0.3904.97-2
    - allow clock_nanosleep through seccomp (bz #1773289)
    * Thu Nov  7 2019 Tom Callaway  - 78.0.3904.97-1
    - update to 78.0.3904.97
    * Fri Nov  1 2019 Tom Callaway  - 78.0.3904.87-1
    - update to 78.0.3904.87
    - apply most of the freeworld changes in PR 23/24/25
    * Wed Oct 23 2019 Tom Callaway  - 78.0.3904.80-1
    - update to 78.0.3904.80
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-4
    - upstream fix for zlib symbol exports with gcc
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-3
    - silence outdated build noise (bz1745745)
    * Tue Oct 15 2019 Tom Callaway  - 77.0.3865.120-2
    - fix node handling for EPEL-8
    * Mon Oct 14 2019 Tomas Popela  - 77.0.3865.120-1
    - Update to 77.0.3865.120
    * Thu Oct 10 2019 Tom Callaway  - 77.0.3865.90-4
    - enable aarch64 for EPEL-8
    * Wed Oct  9 2019 Tom Callaway  - 77.0.3865.90-3
    - spec cleanups and changes to make EPEL8 try to build
    * Mon Sep 23 2019 Tomas Popela  - 77.0.3865.90-2
    - Fix the icon
    - Remove quite a few of downstream patches
    - Fix the crashes by backporting an upstream bug
    - Resolves: rhbz#1754179
    * Thu Sep 19 2019 Tomas Popela  - 77.0.3865.90-1
    - Update to 77.0.3865.90
    * Mon Sep 16 2019 Tomas Popela  - 77.0.3865.75-2
    - Update the list of private libraries
    * Fri Sep 13 2019 Tomas Popela  - 77.0.3865.75-1
    - Update to 77.0.3865.75
    * Tue Sep  3 2019 Tomas Popela  - 76.0.3809.132-2
    - Backport patch to fix certificate transparency
    * Tue Aug 27 2019 Tomas Popela  - 76.0.3809.132-1
    - Update to 76.0.3809.132
    * Tue Aug 13 2019 Tomas Popela  - 76.0.3809.100-1
    - Update to 76.0.3809.100
    * Wed Jul 24 2019 Fedora Release Engineering  - 75.0.3770.100-4
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
    * Tue Jul  2 2019 Tom Callaway  - 75.0.3770.100-3
    - apply upstream fix to resolve issue where it is dangerous to post a
      task with a RenderProcessHost pointer because the RenderProcessHost
      can go away before the task is run (causing a segfault).
    * Tue Jun 25 2019 Tom Callaway  - 75.0.3770.100-2
    - fix v8 compile with gcc
    * Thu Jun 20 2019 Tom Callaway  - 75.0.3770.100-1
    - update to 75.0.3770.100
    * Fri Jun 14 2019 Tom Callaway  - 75.0.3770.90-1
    - update to 75.0.3770.90
    * Wed Jun  5 2019 Tom Callaway  - 75.0.3770.80-1
    - update to 75.0.3770.80
    - disable vaapi (via conditional), too broken
    * Fri May 31 2019 Tom Callaway  - 74.0.3729.169-1
    - update to 74.0.3729.169
    * Thu Apr 11 2019 Tom Callaway  - 73.0.3683.103-1
    - update to 73.0.3683.103
    - add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1784989 - CVE-2019-13767 chromium-browser: Use after free in media picker
            https://bugzilla.redhat.com/show_bug.cgi?id=1784989
      [ 2 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
            https://bugzilla.redhat.com/show_bug.cgi?id=1782008
      [ 3 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
            https://bugzilla.redhat.com/show_bug.cgi?id=1782007
      [ 4 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1782006
      [ 5 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
            https://bugzilla.redhat.com/show_bug.cgi?id=1782005
      [ 6 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1782004
      [ 7 ] Bug #1782000 - CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check
            https://bugzilla.redhat.com/show_bug.cgi?id=1782000
      [ 8 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing
            https://bugzilla.redhat.com/show_bug.cgi?id=1782003
      [ 9 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
            https://bugzilla.redhat.com/show_bug.cgi?id=1782002
      [ 10 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
            https://bugzilla.redhat.com/show_bug.cgi?id=1782001
      [ 11 ] Bug #1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records
            https://bugzilla.redhat.com/show_bug.cgi?id=1781998
      [ 12 ] Bug #1781999 - CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection
            https://bugzilla.redhat.com/show_bug.cgi?id=1781999
      [ 13 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1781995
      [ 14 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
            https://bugzilla.redhat.com/show_bug.cgi?id=1781993
      [ 15 ] Bug #1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode
            https://bugzilla.redhat.com/show_bug.cgi?id=1781997
      [ 16 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1781992
      [ 17 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1781994
      [ 18 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1781991
      [ 19 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
            https://bugzilla.redhat.com/show_bug.cgi?id=1781990
      [ 20 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
            https://bugzilla.redhat.com/show_bug.cgi?id=1781987
      [ 21 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1781989
      [ 22 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1781988
      [ 23 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1781986
      [ 24 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
            https://bugzilla.redhat.com/show_bug.cgi?id=1781985
      [ 25 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium
            https://bugzilla.redhat.com/show_bug.cgi?id=1781983
      [ 26 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
            https://bugzilla.redhat.com/show_bug.cgi?id=1781984
      [ 27 ] Bug #1781980 - CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection
            https://bugzilla.redhat.com/show_bug.cgi?id=1781980
      [ 28 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1781982
      [ 29 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1781981
      [ 30 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio
            https://bugzilla.redhat.com/show_bug.cgi?id=1781979
      [ 31 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1781978
      [ 32 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
            https://bugzilla.redhat.com/show_bug.cgi?id=1781974
      [ 33 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
            https://bugzilla.redhat.com/show_bug.cgi?id=1781975
      [ 34 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1781976
      [ 35 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets
            https://bugzilla.redhat.com/show_bug.cgi?id=1781977
      [ 36 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth
            https://bugzilla.redhat.com/show_bug.cgi?id=1781973
      [ 37 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
            https://bugzilla.redhat.com/show_bug.cgi?id=1782021
      [ 38 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
            https://bugzilla.redhat.com/show_bug.cgi?id=1782017
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-4355ea258e' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------