Fedora 31: FEDORA-2020-da49fbb17c Critical Security Fix for Chromium

Chromium is an open-source web browser, powered by WebKit (Blink).

Are you ready, kids? I said, are you ready? Whoooooo has another update for you

to see? Google Chromium! For browsing and tweeting (but not FTP) Google

Chromium! If improved security be something you wish Google Chromium! Then run

dnf while you flop like a fish! Google Chromium! Google Chromium! Google

Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following

security vulnerabilities: * CVE-2020-6464 * CVE-2020-6461 * CVE-2020-6462

*Not sorry ---- Another day, another chromium update. This one fixes:

CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced

when switching from a "shared" build to a "static" build. ---- A new major

version of Chromium without any security bugs! Just kidding. Here's the CVE

list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456

CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436

CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441

CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446

CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457 Oh, and this build

switches over to a static build, so the chromium-libs and chromium-libs-media

subpackages are now obsolete, but it should be slightly better for performance.

* Thu May 7 2020 Tom Callaway - 81.0.4044.138-1

- update to 81.0.4044.138

* Tue May 5 2020 Tom Callaway - 81.0.4044.129-1

- update to 81.0.4044.129

* Thu Apr 23 2020 Tom Callaway - 81.0.4044.122-1

- update to 81.0.4044.122

* Tue Apr 21 2020 Tom Callaway - 81.0.4044.113-2

- add explicit Requires: chromium-common

* Thu Apr 16 2020 Tom Callaway - 81.0.4044.113-1

- update to 81.0.4044.113

* Mon Apr 13 2020 Tom Callaway - 81.0.4044.92-1

- update to 81.0.4044.92

- squelch the selinux output in the post scriptlet

- add Provides/Obsoletes in case we're build with shared set to 0

- add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds either)

- do static build

[ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822604

[ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1822605

[ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL

https://bugzilla.redhat.com/show_bug.cgi?id=1822606

[ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1822607

[ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of untrusted input in clipboard

https://bugzilla.redhat.com/show_bug.cgi?id=1822608

[ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in full screen

https://bugzilla.redhat.com/show_bug.cgi?id=1822609

[ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822610

[ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1822611

[ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822612

[ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in window management

https://bugzilla.redhat.com/show_bug.cgi?id=1822613

[ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in WebView

https://bugzilla.redhat.com/show_bug.cgi?id=1822614

[ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822615

[ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in navigations

https://bugzilla.redhat.com/show_bug.cgi?id=1822616

[ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1822617

[ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1822618

[ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in cache

https://bugzilla.redhat.com/show_bug.cgi?id=1822619

[ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data validation in developer tools

https://bugzilla.redhat.com/show_bug.cgi?id=1822620

[ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in WebRTC

https://bugzilla.redhat.com/show_bug.cgi?id=1822621

[ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy enforcement in trusted types

https://bugzilla.redhat.com/show_bug.cgi?id=1822622

[ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy enforcement in trusted types

https://bugzilla.redhat.com/show_bug.cgi?id=1822623

[ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate implementation in developer tools

https://bugzilla.redhat.com/show_bug.cgi?id=1822624

[ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1822625

[ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in speech recognizer

https://bugzilla.redhat.com/show_bug.cgi?id=1824949

[ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in payments

https://bugzilla.redhat.com/show_bug.cgi?id=1827379

[ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data validation in URL formatting

https://bugzilla.redhat.com/show_bug.cgi?id=1827380

[ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and write in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1827381

[ 27 ] Bug #1828859 - CVE-2020-6462 chromium-browser: Use after free in task scheduling

https://bugzilla.redhat.com/show_bug.cgi?id=1828859

[ 28 ] Bug #1828860 - CVE-2020-6461 chromium-browser: Use after free in storage

https://bugzilla.redhat.com/show_bug.cgi?id=1828860

[ 29 ] Bug #1832488 - CVE-2020-6464 chromium-browser: Type Confusion in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=1832488

su -c 'dnf upgrade --advisory FEDORA-2020-da49fbb17c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/