
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-4355ea258e
2020-01-19 01:00:16.266048
--------------------------------------------------------------------------------
Name        : chromium
Product     : Fedora 30
Version     : 79.0.3945.117
Release     : 1.fc30
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 79.0.3945.117. Fixes CVE-2020-6377.  ----  Security fix for
CVE-2019-13767.  ----  Update to Chromium 79. Fixes the usual giant pile of bugs
and security issues. This time, the list is:  CVE-2019-13725 CVE-2019-13726
CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732
CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737
CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747
CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752
CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757
CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  9 2020 Tom Callaway  - 79.0.3945.117-1
- update to 79.0.3945.117
* Tue Dec 17 2019 Tom Callaway  - 79.0.3945.88-1
- update to 79.0.3945.88
* Tue Dec 10 2019 Tom Callaway  - 79.0.3945.79-1
- update to 79.0.3945.79
* Wed Dec  4 2019 Tom Callaway  - 79.0.3945.56-2
- fix lib provides filtering
* Tue Dec  3 2019 Tom Callaway  - 79.0.3945.56-1
- update to current beta (rawhide only)
- switch to upstream patch for clock_nanosleep fix
* Mon Nov 25 2019 Tom Callaway  - 78.0.3904.108-1
- update to 78.0.3904.108
* Sun Nov 17 2019 Tom Callaway  - 78.0.3904.97-2
- allow clock_nanosleep through seccomp (bz #1773289)
* Thu Nov  7 2019 Tom Callaway  - 78.0.3904.97-1
- update to 78.0.3904.97
* Fri Nov  1 2019 Tom Callaway  - 78.0.3904.87-1
- update to 78.0.3904.87
- apply most of the freeworld changes in PR 23/24/25
* Wed Oct 23 2019 Tom Callaway  - 78.0.3904.80-1
- update to 78.0.3904.80
* Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-4
- upstream fix for zlib symbol exports with gcc
* Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-3
- silence outdated build noise (bz1745745)
* Tue Oct 15 2019 Tom Callaway  - 77.0.3865.120-2
- fix node handling for EPEL-8
* Mon Oct 14 2019 Tomas Popela  - 77.0.3865.120-1
- Update to 77.0.3865.120
* Thu Oct 10 2019 Tom Callaway  - 77.0.3865.90-4
- enable aarch64 for EPEL-8
* Wed Oct  9 2019 Tom Callaway  - 77.0.3865.90-3
- spec cleanups and changes to make EPEL8 try to build
* Mon Sep 23 2019 Tomas Popela  - 77.0.3865.90-2
- Fix the icon
- Remove quite a few of downstream patches
- Fix the crashes by backporting an upstream bug
- Resolves: rhbz#1754179
* Thu Sep 19 2019 Tomas Popela  - 77.0.3865.90-1
- Update to 77.0.3865.90
* Mon Sep 16 2019 Tomas Popela  - 77.0.3865.75-2
- Update the list of private libraries
* Fri Sep 13 2019 Tomas Popela  - 77.0.3865.75-1
- Update to 77.0.3865.75
* Tue Sep  3 2019 Tomas Popela  - 76.0.3809.132-2
- Backport patch to fix certificate transparency
* Tue Aug 27 2019 Tomas Popela  - 76.0.3809.132-1
- Update to 76.0.3809.132
* Tue Aug 13 2019 Tomas Popela  - 76.0.3809.100-1
- Update to 76.0.3809.100
* Wed Jul 24 2019 Fedora Release Engineering  - 75.0.3770.100-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul  2 2019 Tom Callaway  - 75.0.3770.100-3
- apply upstream fix to resolve issue where it is dangerous to post a
  task with a RenderProcessHost pointer because the RenderProcessHost
  can go away before the task is run (causing a segfault).
* Tue Jun 25 2019 Tom Callaway  - 75.0.3770.100-2
- fix v8 compile with gcc
* Thu Jun 20 2019 Tom Callaway  - 75.0.3770.100-1
- update to 75.0.3770.100
* Fri Jun 14 2019 Tom Callaway  - 75.0.3770.90-1
- update to 75.0.3770.90
* Wed Jun  5 2019 Tom Callaway  - 75.0.3770.80-1
- update to 75.0.3770.80
- disable vaapi (via conditional), too broken
* Fri May 31 2019 Tom Callaway  - 74.0.3729.169-1
- update to 74.0.3729.169
* Thu Apr 11 2019 Tom Callaway  - 73.0.3683.103-1
- update to 73.0.3683.103
- add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1784989 - CVE-2019-13767 chromium-browser: Use after free in media picker
        https://bugzilla.redhat.com/show_bug.cgi?id=1784989
  [ 2 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1782008
  [ 3 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1782007
  [ 4 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1782006
  [ 5 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
        https://bugzilla.redhat.com/show_bug.cgi?id=1782005
  [ 6 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1782004
  [ 7 ] Bug #1782000 - CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check
        https://bugzilla.redhat.com/show_bug.cgi?id=1782000
  [ 8 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1782003
  [ 9 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1782002
  [ 10 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1782001
  [ 11 ] Bug #1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records
        https://bugzilla.redhat.com/show_bug.cgi?id=1781998
  [ 12 ] Bug #1781999 - CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection
        https://bugzilla.redhat.com/show_bug.cgi?id=1781999
  [ 13 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781995
  [ 14 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=1781993
  [ 15 ] Bug #1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode
        https://bugzilla.redhat.com/show_bug.cgi?id=1781997
  [ 16 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781992
  [ 17 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1781994
  [ 18 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1781991
  [ 19 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1781990
  [ 20 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1781987
  [ 21 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781989
  [ 22 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1781988
  [ 23 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781986
  [ 24 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1781985
  [ 25 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1781983
  [ 26 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
        https://bugzilla.redhat.com/show_bug.cgi?id=1781984
  [ 27 ] Bug #1781980 - CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection
        https://bugzilla.redhat.com/show_bug.cgi?id=1781980
  [ 28 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781982
  [ 29 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781981
  [ 30 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio
        https://bugzilla.redhat.com/show_bug.cgi?id=1781979
  [ 31 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781978
  [ 32 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1781974
  [ 33 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
        https://bugzilla.redhat.com/show_bug.cgi?id=1781975
  [ 34 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781976
  [ 35 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets
        https://bugzilla.redhat.com/show_bug.cgi?id=1781977
  [ 36 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth
        https://bugzilla.redhat.com/show_bug.cgi?id=1781973
  [ 37 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=1782021
  [ 38 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1782017
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-4355ea258e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Fedora 30: chromium FEDORA-2020-4355ea258e

January 18, 2020
Update to 79.0.3945.117
