Fedora 31: chromium FEDORA-2020-f6271d7afa

    Date: 19 Mar 2020
    Posted By: LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-f6271d7afa
    2020-03-20 01:47:20.658105
    --------------------------------------------------------------------------------
    
    Name        : chromium
    Product     : Fedora 31
    Version     : 80.0.3987.132
    Release     : 1.fc31
    URL         : https://www.chromium.org/Home
    Summary     : A WebKit (Blink) powered web browser
    Description :
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by
    default except on NVIDIA.

    List of CVEs fixed (since last update):

    * CVE-2019-20446
    * CVE-2020-6381
    * CVE-2020-6382
    * CVE-2020-6383
    * CVE-2020-6384
    * CVE-2020-6385
    * CVE-2020-6386
    * CVE-2020-6387
    * CVE-2020-6388
    * CVE-2020-6389
    * CVE-2020-6390
    * CVE-2020-6391
    * CVE-2020-6392
    * CVE-2020-6393
    * CVE-2020-6394
    * CVE-2020-6395
    * CVE-2020-6396
    * CVE-2020-6397
    * CVE-2020-6398
    * CVE-2020-6399
    * CVE-2020-6400
    * CVE-2020-6401
    * CVE-2020-6402
    * CVE-2020-6403
    * CVE-2020-6404
    * CVE-2020-6405
    * CVE-2020-6406
    * CVE-2020-6407
    * CVE-2020-6408
    * CVE-2020-6409
    * CVE-2020-6410
    * CVE-2020-6411
    * CVE-2020-6412
    * CVE-2020-6413
    * CVE-2020-6414
    * CVE-2020-6415
    * CVE-2020-6416
    * CVE-2020-6417
    * CVE-2020-6418
    * CVE-2020-6420
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Feb 27 2020 Tom Callaway  - 80.0.3987.132-1
    - update to 80.0.3987.132
    - disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)
    * Thu Feb 27 2020 Tom Callaway  - 80.0.3987.122-1
    - update to 80.0.3987.122
    * Mon Feb 17 2020 Tom Callaway  - 80.0.3987.106-1
    - update to 80.0.3987.106
    * Wed Feb  5 2020 Tom Callaway  - 80.0.3987.87-1
    - update to 80.0.3987.87
    * Tue Jan 28 2020 Fedora Release Engineering  - 79.0.3945.130-2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
    * Fri Jan 17 2020 Tom Callaway  - 79.0.3945.130-1
    - update to 79.0.3945.130
    * Thu Jan  9 2020 Tom Callaway  - 79.0.3945.117-1
    - update to 79.0.3945.117
    * Tue Dec 17 2019 Tom Callaway  - 79.0.3945.88-1
    - update to 79.0.3945.88
    * Tue Dec 10 2019 Tom Callaway  - 79.0.3945.79-1
    - update to 79.0.3945.79
    * Wed Dec  4 2019 Tom Callaway  - 79.0.3945.56-2
    - fix lib provides filtering
    * Tue Dec  3 2019 Tom Callaway  - 79.0.3945.56-1
    - update to current beta (rawhide only)
    - switch to upstream patch for clock_nanosleep fix
    * Mon Nov 25 2019 Tom Callaway  - 78.0.3904.108-1
    - update to 78.0.3904.108
    * Sun Nov 17 2019 Tom Callaway  - 78.0.3904.97-2
    - allow clock_nanosleep through seccomp (bz #1773289)
    * Thu Nov  7 2019 Tom Callaway  - 78.0.3904.97-1
    - update to 78.0.3904.97
    * Fri Nov  1 2019 Tom Callaway  - 78.0.3904.87-1
    - update to 78.0.3904.87
    - apply most of the freeworld changes in PR 23/24/25
    * Wed Oct 23 2019 Tom Callaway  - 78.0.3904.80-1
    - update to 78.0.3904.80
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-4
    - upstream fix for zlib symbol exports with gcc
    * Wed Oct 16 2019 Tom Callaway  - 77.0.3865.120-3
    - silence outdated build noise (bz1745745)
    * Tue Oct 15 2019 Tom Callaway  - 77.0.3865.120-2
    - fix node handling for EPEL-8
    * Mon Oct 14 2019 Tomas Popela  - 77.0.3865.120-1
    - Update to 77.0.3865.120
    * Thu Oct 10 2019 Tom Callaway  - 77.0.3865.90-4
    - enable aarch64 for EPEL-8
    * Wed Oct  9 2019 Tom Callaway  - 77.0.3865.90-3
    - spec cleanups and changes to make EPEL8 try to build
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1811073 - CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media
            https://bugzilla.redhat.com/show_bug.cgi?id=1811073
      [ 2 ] Bug #1807499 - CVE-2020-6384 chromium-browser: Use after free in WebAudio
            https://bugzilla.redhat.com/show_bug.cgi?id=1807499
      [ 3 ] Bug #1807381 - CVE-2020-6407 chromium-browser: Out of bounds memory access in streams
            https://bugzilla.redhat.com/show_bug.cgi?id=1807381
      [ 4 ] Bug #1807341 - chromium-browser: Out of bounds memory access in streams
            https://bugzilla.redhat.com/show_bug.cgi?id=1807341
      [ 5 ] Bug #1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1801182
      [ 6 ] Bug #1797608 - CVE-2019-20446 librsvg: Resource exhaustion via crafted SVG file with nested patterns
            https://bugzilla.redhat.com/show_bug.cgi?id=1797608
      [ 7 ] Bug #1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer
            https://bugzilla.redhat.com/show_bug.cgi?id=1801193
      [ 8 ] Bug #1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
            https://bugzilla.redhat.com/show_bug.cgi?id=1801192
      [ 9 ] Bug #1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
            https://bugzilla.redhat.com/show_bug.cgi?id=1801191
      [ 10 ] Bug #1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
            https://bugzilla.redhat.com/show_bug.cgi?id=1801190
      [ 11 ] Bug #1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1801189
      [ 12 ] Bug #1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1801188
      [ 13 ] Bug #1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1801179
      [ 14 ] Bug #1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
            https://bugzilla.redhat.com/show_bug.cgi?id=1801186
      [ 15 ] Bug #1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1801187
      [ 16 ] Bug #1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1801185
      [ 17 ] Bug #1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
            https://bugzilla.redhat.com/show_bug.cgi?id=1801177
      [ 18 ] Bug #1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
            https://bugzilla.redhat.com/show_bug.cgi?id=1801178
      [ 19 ] Bug #1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
            https://bugzilla.redhat.com/show_bug.cgi?id=1801184
      [ 20 ] Bug #1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
            https://bugzilla.redhat.com/show_bug.cgi?id=1801173
      [ 21 ] Bug #1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
            https://bugzilla.redhat.com/show_bug.cgi?id=1801181
      [ 22 ] Bug #1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1801180
      [ 23 ] Bug #1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
            https://bugzilla.redhat.com/show_bug.cgi?id=1801176
      [ 24 ] Bug #1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
            https://bugzilla.redhat.com/show_bug.cgi?id=1801175
      [ 25 ] Bug #1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
            https://bugzilla.redhat.com/show_bug.cgi?id=1801174
      [ 26 ] Bug #1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
            https://bugzilla.redhat.com/show_bug.cgi?id=1801172
      [ 27 ] Bug #1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
            https://bugzilla.redhat.com/show_bug.cgi?id=1801171
      [ 28 ] Bug #1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1801170
      [ 29 ] Bug #1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1801169
      [ 30 ] Bug #1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
            https://bugzilla.redhat.com/show_bug.cgi?id=1801168
      [ 31 ] Bug #1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1801167
      [ 32 ] Bug #1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
            https://bugzilla.redhat.com/show_bug.cgi?id=1801163
      [ 33 ] Bug #1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
            https://bugzilla.redhat.com/show_bug.cgi?id=1801164
      [ 34 ] Bug #1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
            https://bugzilla.redhat.com/show_bug.cgi?id=1801165
      [ 35 ] Bug #1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
            https://bugzilla.redhat.com/show_bug.cgi?id=1801162
      [ 36 ] Bug #1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
            https://bugzilla.redhat.com/show_bug.cgi?id=1801166
      [ 37 ] Bug #1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
            https://bugzilla.redhat.com/show_bug.cgi?id=1801160
      [ 38 ] Bug #1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
            https://bugzilla.redhat.com/show_bug.cgi?id=1801161
      [ 39 ] Bug #1807343 - CVE-2020-6418 chromium-browser: Type confusion in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1807343
      [ 40 ] Bug #1807349 - CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
            https://bugzilla.redhat.com/show_bug.cgi?id=1807349
      [ 41 ] Bug #1807498 - CVE-2020-6383 chromium-browser: Type confusion in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1807498
      [ 42 ] Bug #1807500 - CVE-2020-6386 chromium-browser: Use after free in speech
            https://bugzilla.redhat.com/show_bug.cgi?id=1807500
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-f6271d7afa' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------