Linux Security

    Fedora 32: chromium 2020-08561721ad

    Date 01 Jul 2020
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-08561721ad
    2020-07-02 01:11:03.368832
    --------------------------------------------------------------------------------
    
    Name        : chromium
    Product     : Fedora 32
    Version     : 83.0.4103.116
    Release     : 3.fc32
    URL         : https://www.chromium.org/Home
    Summary     : A WebKit (Blink) powered web browser
    Description :
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to 83.0.4103.116. Fixes CVE-2020-6509.  ----  Black Lives Matter. Saying
    this does not mean that other lives do not matter. It should not be
    controversial to say this. If I say Chromium updates matter, it does not mean
    that other Fedora packages do not matter, it means that a Chromium update is
    needed to fix this giant pile of severe security vulnerabilities, here, today,
    now:  CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
    CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
    CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479
    CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
    CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
    CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507  In making
    that analogy, I do not intend to trivialize BLM. In no way do I mean to compare
    the lives of people to a silly web browser update. People are infinitely more
    important than software.  But since I'm here to push this software update out, I
    am also choosing to say clearly and unambiguously that Black Lives Matter.
    Open Source proves that many voices, many contributions, together can change the
    world. It depends on it. This is my voice.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Sat Jun 27 2020 Tom Callaway  - 83.0.4103.116-3
    - only set ozone on headless
    - enable use_kerberos
    * Tue Jun 23 2020 Tom Callaway  - 83.0.4103.116-2
    - do not force ozone into x11
    * Tue Jun 23 2020 Tom Callaway  - 83.0.4103.116-1
    - update to 83.0.4103.116
    * Thu Jun 18 2020 Tom Callaway  - 83.0.4103.106-1
    - update to 83.0.4103.106
    - remove duplicate ServiceWorker fix
    - add fix to work around gcc bug on aarch64
    - disable python byte compiling (we do not need it)
    * Tue Jun 16 2020 Tom Callaway  - 83.0.4103.97-5
    - add ServiceWorker fix
    * Mon Jun 15 2020 Tom Callaway  - 83.0.4103.97-4
    - use old cups handling on epel7
    - fix skia attribute overrides with gcc
    * Wed Jun 10 2020 Tom Callaway  - 83.0.4103.97-3
    - fix issue on epel7 where linux/kcmp.h does not exist
    * Mon Jun  8 2020 Tom Callaway  - 83.0.4103.97-2
    - more fixes from gentoo
    * Sun Jun  7 2020 Tom Callaway  - 83.0.4103.97-1
    - update to 83.0.4103.97
    * Tue Jun  2 2020 Tom Callaway  - 83.0.4103.61-1
    - update to 83.0.4103.61
    - conditionalize and disable remoting
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
            https://bugzilla.redhat.com/show_bug.cgi?id=1837877
      [ 2 ] Bug #1837878 - CVE-2020-6466 chromium-browser: Use after free in media
            https://bugzilla.redhat.com/show_bug.cgi?id=1837878
      [ 3 ] Bug #1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
            https://bugzilla.redhat.com/show_bug.cgi?id=1837879
      [ 4 ] Bug #1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1837880
      [ 5 ] Bug #1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of untrusted input in clipboard
            https://bugzilla.redhat.com/show_bug.cgi?id=1837882
      [ 6 ] Bug #1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1837883
      [ 7 ] Bug #1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1837884
      [ 8 ] Bug #1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1837885
      [ 9 ] Bug #1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
            https://bugzilla.redhat.com/show_bug.cgi?id=1837886
      [ 10 ] Bug #1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full screen
            https://bugzilla.redhat.com/show_bug.cgi?id=1837887
      [ 11 ] Bug #1837888 - CVE-2020-6477 chromium-browser: Inappropriate implementation in installer
            https://bugzilla.redhat.com/show_bug.cgi?id=1837888
      [ 12 ] Bug #1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in full screen
            https://bugzilla.redhat.com/show_bug.cgi?id=1837889
      [ 13 ] Bug #1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in enterprise
            https://bugzilla.redhat.com/show_bug.cgi?id=1837890
      [ 14 ] Bug #1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in URL formatting
            https://bugzilla.redhat.com/show_bug.cgi?id=1837891
      [ 15 ] Bug #1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1837892
      [ 16 ] Bug #1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in payments
            https://bugzilla.redhat.com/show_bug.cgi?id=1837893
      [ 17 ] Bug #1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in ChromeDriver
            https://bugzilla.redhat.com/show_bug.cgi?id=1837894
      [ 18 ] Bug #1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in media router
            https://bugzilla.redhat.com/show_bug.cgi?id=1837896
      [ 19 ] Bug #1837897 - CVE-2020-6486 chromium-browser: Insufficient policy enforcement in navigations
            https://bugzilla.redhat.com/show_bug.cgi?id=1837897
      [ 20 ] Bug #1837898 - CVE-2020-6487 chromium-browser: Insufficient policy enforcement in downloads
            https://bugzilla.redhat.com/show_bug.cgi?id=1837898
      [ 21 ] Bug #1837899 - CVE-2020-6488 chromium-browser: Insufficient policy enforcement in downloads
            https://bugzilla.redhat.com/show_bug.cgi?id=1837899
      [ 22 ] Bug #1837900 - CVE-2020-6489 chromium-browser: Inappropriate implementation in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1837900
      [ 23 ] Bug #1837901 - CVE-2020-6490 chromium-browser: Insufficient data validation in loader
            https://bugzilla.redhat.com/show_bug.cgi?id=1837901
      [ 24 ] Bug #1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI in site information
            https://bugzilla.redhat.com/show_bug.cgi?id=1837902
      [ 25 ] Bug #1837907 - CVE-2020-6469 chromium-browser: Insufficient policy enforcement in developer tools
            https://bugzilla.redhat.com/show_bug.cgi?id=1837907
      [ 26 ] Bug #1837912 - CVE-2020-6476 chromium-browser: Insufficient policy enforcement in tab strip
            https://bugzilla.redhat.com/show_bug.cgi?id=1837912
      [ 27 ] Bug #1837927 - CVE-2020-6479 chromium-browser: Inappropriate implementation in sharing
            https://bugzilla.redhat.com/show_bug.cgi?id=1837927
      [ 28 ] Bug #1847268 - CVE-2020-6505 chromium-browser: Use after free in speech
            https://bugzilla.redhat.com/show_bug.cgi?id=1847268
      [ 29 ] Bug #1847269 - CVE-2020-6506 chromium-browser: Insufficient policy enforcement in WebView
            https://bugzilla.redhat.com/show_bug.cgi?id=1847269
      [ 30 ] Bug #1847270 - CVE-2020-6507 chromium-browser: Out of bounds write in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1847270
      [ 31 ] Bug #1849947 - CVE-2020-6509 chromium-browser: Use after free in extensions
            https://bugzilla.redhat.com/show_bug.cgi?id=1849947
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-08561721ad' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------