Back
    Linux Security
    Linux Security
    Linux Security

    Fedora 32: chromium 2020-3e005ce2e0

    Date 23 Nov 2020
    Category Fedora Linux Distribution - Security Advisories
    1818
    Posted By LinuxSecurity Advisories
    Update to 87.0.4280.66. Fixes bugs and security holes. Yay! CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 
    --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-3e005ce2e0
2020-11-24 01:22:18.445344
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 32
Version     : 87.0.4280.66
Release     : 1.fc32
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 87.0.4280.66. Fixes bugs and security holes. Yay!  CVE-2020-16012
CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
CVE-2020-16015  CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025
CVE-2020-16026 CVE-2020-16027 CVE-2020-16028  CVE-2020-16029 CVE-2020-16030
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035
CVE-2020-16036  ----  Update to 86.0.4240.198. Fixes the following security
issues:  CVE-2020-16013  CVE-2020-16016 CVE-2020-16017  ----  Update to
86.0.4240.183.  Fixes the following security issues: CVE-2020-16004
CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009  Also disables the
very verbose output going to stdout.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 18 2020 Tom Callaway  - 87.0.4280.66-1
- update to 87.0.4280.66
* Thu Nov 12 2020 Jeff Law  - 86.0.4240.198-1
- Fix missing #inclues for gcc-11
- Fix bogus volatile caught by gcc-11
* Thu Nov 12 2020 Tom Callaway  - 86.0.4240.198-1
- update to 86.0.4240.198
* Tue Nov 10 2020 Tom Callaway  - 86.0.4240.193-1
- update to 86.0.4240.193
* Wed Nov  4 2020 Tom Callaway  - 86.0.4240.183-1
- update to 86.0.4240.183
* Mon Nov  2 2020 Tom Callaway  - 86.0.4240.111-2
- fix conditional typo that was causing console logging to be turned on
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1894197
  [ 2 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1894198
  [ 3 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894199
  [ 4 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1894201
  [ 5 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894202
  [ 6 ] Bug #1896641 - CVE-2020-16016 chromium-browser: Inappropriate implementation in base
        https://bugzilla.redhat.com/show_bug.cgi?id=1896641
  [ 7 ] Bug #1897206 - CVE-2020-16013 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1897206
  [ 8 ] Bug #1897207 - CVE-2020-16017 chromium-browser: Use after free in site isolation
        https://bugzilla.redhat.com/show_bug.cgi?id=1897207
  [ 9 ] Bug #1899222 - CVE-2020-16018 chromium-browser: Use after free in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1899222
  [ 10 ] Bug #1899223 - CVE-2020-16019 chromium-browser: Inappropriate implementation in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1899223
  [ 11 ] Bug #1899224 - CVE-2020-16020 chromium-browser: Inappropriate implementation in cryptohome
        https://bugzilla.redhat.com/show_bug.cgi?id=1899224
  [ 12 ] Bug #1899225 - CVE-2020-16021 chromium-browser: Race in ImageBurner
        https://bugzilla.redhat.com/show_bug.cgi?id=1899225
  [ 13 ] Bug #1899226 - CVE-2020-16022 chromium-browser: Insufficient policy enforcement in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1899226
  [ 14 ] Bug #1899227 - CVE-2020-16015 chromium-browser: Insufficient data validation in WASM
        https://bugzilla.redhat.com/show_bug.cgi?id=1899227
  [ 15 ] Bug #1899228 - CVE-2020-16014 chromium-browser: Use after free in PPAPI
        https://bugzilla.redhat.com/show_bug.cgi?id=1899228
  [ 16 ] Bug #1899229 - CVE-2020-16023 chromium-browser: Use after free in WebCodecs
        https://bugzilla.redhat.com/show_bug.cgi?id=1899229
  [ 17 ] Bug #1899230 - CVE-2020-16024 chromium-browser: Heap buffer overflow in UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1899230
  [ 18 ] Bug #1899231 - CVE-2020-16025 chromium-browser: Heap buffer overflow in clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1899231
  [ 19 ] Bug #1899232 - CVE-2020-16026 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899232
  [ 20 ] Bug #1899233 - CVE-2020-16027 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1899233
  [ 21 ] Bug #1899234 - CVE-2020-16028 chromium-browser: Heap buffer overflow in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899234
  [ 22 ] Bug #1899235 - CVE-2020-16029 chromium-browser: Inappropriate implementation in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1899235
  [ 23 ] Bug #1899237 - CVE-2020-16030 chromium-browser: Insufficient data validation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1899237
  [ 24 ] Bug #1899239 - CVE-2019-8075 flash-plugin: Same origin policy bypass leading to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1899239
  [ 25 ] Bug #1899240 - CVE-2020-16031 chromium-browser: Incorrect security UI in tab preview
        https://bugzilla.redhat.com/show_bug.cgi?id=1899240
  [ 26 ] Bug #1899241 - CVE-2020-16032 chromium-browser: Incorrect security UI in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1899241
  [ 27 ] Bug #1899242 - CVE-2020-16033 chromium-browser: Incorrect security UI in WebUSB
        https://bugzilla.redhat.com/show_bug.cgi?id=1899242
  [ 28 ] Bug #1899243 - CVE-2020-16034 chromium-browser: Inappropriate implementation in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899243
  [ 29 ] Bug #1899244 - CVE-2020-16035 chromium-browser: Insufficient data validation in cros-disks
        https://bugzilla.redhat.com/show_bug.cgi?id=1899244
  [ 30 ] Bug #1899245 - CVE-2020-16036 chromium-browser: Inappropriate implementation in cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=1899245
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-3e005ce2e0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    SolarWinds defense: How to stop similar attacks
    SolarWinds defense: How to stop similar attacks
    CloudLinux readies CentOS Linux replacement: AlmaLinux
    CloudLinux readies CentOS Linux replacement: AlmaLinux
    This Decade's Most Significant Security Vulnerabilities at a Glance
    This Decade's Most Significant Security Vulnerabilities at a Glance
    What must be done to bring Linux to the Apple M1 chip
    What must be done to bring Linux to the Apple M1 chip

    Advisories

    Debian LTS: DLA-2527-1: snapd security update
    Date 17 Jan 2021 @ 22:20
    Fedora 33: glibc 2021-6feb090c97
    Date 17 Jan 2021 @ 15:35
    openSUSE: 2021:0101-1 moderate: php7
    Date 17 Jan 2021 @ 14:18
    openSUSE: 2021:0102-1 moderate: openldap2
    Date 17 Jan 2021 @ 14:16

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200
    Phishing Is The #1 Cybersecurity Threat Businesses Face

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy