Fedora 30: FEDORA-2019-05a780936d Critical: Chromium Buffer Overflow

fedora

March 29, 2019

Update to 73.0.3683.75

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update to 73.0.3683.75. Fixes large bucket of CVEs. CVE-2019-5754 CVE-2019-5782

CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759

CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764

CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769

CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774

CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779

CVE-2019-5780 CVE-2019-5781 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787

CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792

CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797

CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803

[ 1 ] Bug #1688206 - CVE-2019-5804 chromium-browser: Command line command injection on Windows

https://bugzilla.redhat.com/show_bug.cgi?id=1688206

[ 2 ] Bug #1688205 - CVE-2019-5803 chromium-browser: CSP bypass with Javascript URLs'

https://bugzilla.redhat.com/show_bug.cgi?id=1688205

[ 3 ] Bug #1688204 - CVE-2019-5802 chromium-browser: Security UI spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1688204

[ 4 ] Bug #1688203 - CVE-2019-5801 chromium-browser: Incorrect Omnibox display on iOS

https://bugzilla.redhat.com/show_bug.cgi?id=1688203

[ 5 ] Bug #1688202 - CVE-2019-5800 chromium-browser: CSP bypass with blob URL

https://bugzilla.redhat.com/show_bug.cgi?id=1688202

[ 6 ] Bug #1688201 - CVE-2019-5799 chromium-browser: CSP bypass with blob URL

https://bugzilla.redhat.com/show_bug.cgi?id=1688201

[ 7 ] Bug #1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia

https://bugzilla.redhat.com/show_bug.cgi?id=1688200

[ 8 ] Bug #1688199 - CVE-2019-5797 chromium-browser: Race condition in DOMStorage

https://bugzilla.redhat.com/show_bug.cgi?id=1688199

[ 9 ] Bug #1688198 - CVE-2019-5796 chromium-browser: Race condition in Extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1688198

[ 10 ] Bug #1688197 - CVE-2019-5795 chromium-browser: Integer overflow in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1688197

[ 11 ] Bug #1688196 - CVE-2019-5794 chromium-browser: Security UI spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1688196

[ 12 ] Bug #1688195 - CVE-2019-5793 chromium-browser: Excessive permissions for private API in Extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1688195

[ 13 ] Bug #1688194 - CVE-2019-5792 chromium-browser: Integer overflow in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1688194

[ 14 ] Bug #1688193 - CVE-2019-5791 chromium-browser: Type confusion in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1688193

[ 15 ] Bug #1688192 - CVE-2019-5790 chromium-browser: Heap buffer overflow in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1688192

[ 16 ] Bug #1688191 - CVE-2019-5789 chromium-browser: Use after free in WebMIDI

https://bugzilla.redhat.com/show_bug.cgi?id=1688191

[ 17 ] Bug #1688190 - CVE-2019-5788 chromium-browser: Use after free in FileAPI

https://bugzilla.redhat.com/show_bug.cgi?id=1688190

[ 18 ] Bug #1688189 - CVE-2019-5787 chromium-browser: Use after free in Canvas

https://bugzilla.redhat.com/show_bug.cgi?id=1688189

[ 19 ] Bug #1685162 - CVE-2019-5786 chromium-browser: Use-after-free in FileReader

https://bugzilla.redhat.com/show_bug.cgi?id=1685162

[ 20 ] Bug #1676527 - CVE-2019-5784 chromium-browser: Inappropriate implementation in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1676527

[ 21 ] Bug #1670764 - CVE-2019-5780 chromium-browser: Insufficient policy enforcement

https://bugzilla.redhat.com/show_bug.cgi?id=1670764

[ 22 ] Bug #1670763 - CVE-2019-5779 chromium-browser: Insufficient policy enforcement in ServiceWorker

https://bugzilla.redhat.com/show_bug.cgi?id=1670763

[ 23 ] Bug #1670762 - CVE-2019-5778 chromium-browser: Insufficient policy enforcement in Extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1670762

[ 24 ] Bug #1670761 - CVE-2019-5777 chromium-browser: Insufficient policy enforcement in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1670761

[ 25 ] Bug #1670760 - CVE-2019-5776 chromium-browser: Insufficient policy enforcement in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1670760

[ 26 ] Bug #1670759 - CVE-2019-5775 chromium-browser: Insufficient policy enforcement in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1670759

[ 27 ] Bug #1670758 - CVE-2019-5774 chromium-browser: Insufficient validation of untrusted input in SafeBrowsing

https://bugzilla.redhat.com/show_bug.cgi?id=1670758

[ 28 ] Bug #1670757 - CVE-2019-5773 chromium-browser: Insufficient data validation in IndexedDB

https://bugzilla.redhat.com/show_bug.cgi?id=1670757

[ 29 ] Bug #1670756 - CVE-2019-5772 chromium-browser: Use after free in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1670756

[ 30 ] Bug #1670755 - CVE-2019-5771 chromium-browser: Heap buffer overflow in SwiftShader

https://bugzilla.redhat.com/show_bug.cgi?id=1670755

[ 31 ] Bug #1670754 - CVE-2019-5770 chromium-browser: Heap buffer overflow in WebGL

https://bugzilla.redhat.com/show_bug.cgi?id=1670754

[ 32 ] Bug #1670753 - CVE-2019-5769 chromium-browser: Insufficient validation of untrusted input in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=1670753

[ 33 ] Bug #1670752 - CVE-2019-5768 chromium-browser: Insufficient policy enforcement in DevTools

https://bugzilla.redhat.com/show_bug.cgi?id=1670752

[ 34 ] Bug #1670751 - CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs

https://bugzilla.redhat.com/show_bug.cgi?id=1670751

[ 35 ] Bug #1670750 - CVE-2019-5766 chromium-browser: Insufficient policy enforcement in Canvas

https://bugzilla.redhat.com/show_bug.cgi?id=1670750

[ 36 ] Bug #1670749 - CVE-2019-5765 chromium-browser: Insufficient policy enforcement in the browser

https://bugzilla.redhat.com/show_bug.cgi?id=1670749

[ 37 ] Bug #1670748 - CVE-2019-5764 chromium-browser: Use after free in WebRTC

https://bugzilla.redhat.com/show_bug.cgi?id=1670748

[ 38 ] Bug #1670747 - CVE-2019-5763 chromium-browser: Insufficient validation of untrusted input in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1670747

[ 39 ] Bug #1670746 - CVE-2019-5762 chromium-browser: Use after free in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1670746

[ 40 ] Bug #1670745 - CVE-2019-5761 chromium-browser: Use after free in SwiftShader

https://bugzilla.redhat.com/show_bug.cgi?id=1670745

[ 41 ] Bug #1670744 - CVE-2019-5760 chromium-browser: Use after free in WebRTC

https://bugzilla.redhat.com/show_bug.cgi?id=1670744

[ 42 ] Bug #1670743 - CVE-2019-5759 chromium-browser: Use after free in HTML select elements

https://bugzilla.redhat.com/show_bug.cgi?id=1670743

[ 43 ] Bug #1670742 - CVE-2019-5758 chromium-browser: Use after free in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=1670742

[ 44 ] Bug #1670741 - CVE-2019-5757 chromium-browser: Type Confusion in SVG

https://bugzilla.redhat.com/show_bug.cgi?id=1670741

[ 45 ] Bug #1670740 - CVE-2019-5756 chromium-browser: Use after free in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1670740

[ 46 ] Bug #1670739 - CVE-2019-5755 chromium-browser: Inappropriate implementation in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1670739

[ 47 ] Bug #1670738 - CVE-2019-5782 chromium-browser: Inappropriate implementation in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1670738

[ 48 ] Bug #1670737 - CVE-2019-5754 chromium-browser: Inappropriate implementation in QUIC Networking

https://bugzilla.redhat.com/show_bug.cgi?id=1670737

su -c 'dnf upgrade --advisory FEDORA-2019-05a780936d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics Covered

security advisory security update fedora buffer overflow critical browser patch chromium

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 30

Version: 73.0.3683.75

Release: 2.fc30

URL: https://www.chromium.org/Home/

Summary: A WebKit (Blink) powered web browser

Topics Covered

security advisory security update fedora buffer overflow critical browser patch chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 30: FEDORA-2019-05a780936d Critical: Chromium Buffer Overflow

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 30: FEDORA-2019-05a780936d Critical: Chromium Buffer Overflow

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!