Fedora 32: chromium 2020-a1f140614b
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
Update to Chromium 85.0.4183.83. Bugs fixed, security holes patched, and
features added. Hold on to your butts. List of CVEs resolved with this update:
CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540
CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545
CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550
CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555
CVE-2020-6556 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562
CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567
CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571
* Wed Aug 26 2020 Tom Callaway
- update to 85.0.4183.83
* Thu Aug 20 2020 Tom Callaway
- update to 84.0.4147.135
- conditionalize build_clear_key_cdm
- disable build_clear_key_cdm on F33+ aarch64 until binutils bug is fixed
- properly install libclearkeycdm.so everywhere else (whoops)
* Mon Aug 17 2020 Tom Callaway
- force fix_textrels fix in ffmpeg for i686 (even without lld)
* Mon Aug 10 2020 Tom Callaway
- update to 84.0.4147.125
* Sat Aug 1 2020 Fedora Release Engineering
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 31 2020 Tom Callaway
- update to 84.0.4147.105
* Mon Jul 27 2020 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
[ 1 ] Bug #1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1861464
[ 2 ] Bug #1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1861465
[ 3 ] Bug #1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
https://bugzilla.redhat.com/show_bug.cgi?id=1861466
[ 4 ] Bug #1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
https://bugzilla.redhat.com/show_bug.cgi?id=1861467
[ 5 ] Bug #1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1861468
[ 6 ] Bug #1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB
https://bugzilla.redhat.com/show_bug.cgi?id=1861469
[ 7 ] Bug #1867939 - CVE-2020-6542 chromium-browser: Use after free in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1867939
[ 8 ] Bug #1867940 - CVE-2020-6543 chromium-browser: Use after free in task scheduling
https://bugzilla.redhat.com/show_bug.cgi?id=1867940
[ 9 ] Bug #1867941 - CVE-2020-6544 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867941
[ 10 ] Bug #1867942 - CVE-2020-6545 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1867942
[ 11 ] Bug #1867943 - CVE-2020-6546 chromium-browser: Inappropriate implementation in installer
https://bugzilla.redhat.com/show_bug.cgi?id=1867943
[ 12 ] Bug #1867944 - CVE-2020-6547 chromium-browser: Incorrect security UI in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867944
[ 13 ] Bug #1867945 - CVE-2020-6548 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1867945
[ 14 ] Bug #1867946 - CVE-2020-6549 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1867946
[ 15 ] Bug #1867947 - CVE-2020-6550 chromium-browser: Use after free in IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1867947
[ 16 ] Bug #1867948 - CVE-2020-6551 chromium-browser: Use after free in WebXR
https://bugzilla.redhat.com/show_bug.cgi?id=1867948
[ 17 ] Bug #1867949 - CVE-2020-6552 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1867949
[ 18 ] Bug #1867950 - CVE-2020-6553 chromium-browser: Use after free in offline mode
https://bugzilla.redhat.com/show_bug.cgi?id=1867950
[ 19 ] Bug #1867951 - CVE-2020-6554 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1867951
[ 20 ] Bug #1867952 - CVE-2020-6555 chromium-browser: Out of bounds read in WebGL
https://bugzilla.redhat.com/show_bug.cgi?id=1867952
[ 21 ] Bug #1870002 - CVE-2020-6556 chromium-browser: Heap buffer overflow in SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1870002
[ 22 ] Bug #1872945 - CVE-2020-6559 chromium-browser: Use after free in presentation API
https://bugzilla.redhat.com/show_bug.cgi?id=1872945
[ 23 ] Bug #1872946 - CVE-2020-6560 chromium-browser: Insufficient policy enforcement in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1872946
[ 24 ] Bug #1872947 - CVE-2020-6561 chromium-browser: Inappropriate implementation in Content Security Policy
https://bugzilla.redhat.com/show_bug.cgi?id=1872947
[ 25 ] Bug #1872948 - CVE-2020-6562 chromium-browser: Insufficient policy enforcement in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1872948
[ 26 ] Bug #1872949 - CVE-2020-6563 chromium-browser: Insufficient policy enforcement in intent handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872949
[ 27 ] Bug #1872950 - CVE-2020-6564 chromium-browser: Incorrect security UI in permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1872950
[ 28 ] Bug #1872951 - CVE-2020-6565 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1872951
[ 29 ] Bug #1872952 - CVE-2020-6566 chromium-browser: Insufficient policy enforcement in media
https://bugzilla.redhat.com/show_bug.cgi?id=1872952
[ 30 ] Bug #1872953 - CVE-2020-6567 chromium-browser: Insufficient validation of untrusted input in command line handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872953
[ 31 ] Bug #1872955 - CVE-2020-6568 chromium-browser: Insufficient policy enforcement in intent handling
https://bugzilla.redhat.com/show_bug.cgi?id=1872955
[ 32 ] Bug #1872956 - CVE-2020-6569 chromium-browser: Integer overflow in WebUSB
https://bugzilla.redhat.com/show_bug.cgi?id=1872956
[ 33 ] Bug #1872957 - CVE-2020-6570 chromium-browser: Side-channel information leakage in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1872957
su -c 'dnf upgrade --advisory FEDORA-2020-a1f140614b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2020-a1f140614b 2020-09-04 15:16:42.556695 Product : Fedora 32 Version : 85.0.4183.83 Release : 1.fc32 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). Update to Chromium 85.0.4183.83. Bugs fixed, security holes patched, and features added. Hold on to your butts. List of CVEs resolved with this update: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 * Wed Aug 26 2020 Tom Callaway - 85.0.4183.83-1 - update to 85.0.4183.83 * Thu Aug 20 2020 Tom Callaway - 84.0.4147.135-1 - update to 84.0.4147.135 - conditionalize build_clear_key_cdm - disable build_clear_key_cdm on F33+ aarch64 until binutils bug is fixed - properly install libclearkeycdm.so everywhere else (whoops) * Mon Aug 17 2020 Tom Callaway - 84.0.4147.125-2 - force fix_textrels fix in ffmpeg for i686 (even without lld) * Mon Aug 10 2020 Tom Callaway - 84.0.4147.125-1 - update to 84.0.4147.125 * Sat Aug 1 2020 Fedora Release Engineering - 84.0.4147.105-2 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jul 31 2020 Tom Callaway - 84.0.4147.105-1 - update to 84.0.4147.105 * Mon Jul 27 2020 Fedora Release Engineering - 84.0.4147.89-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [ 1 ] Bug #1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1861464 [ 2 ] Bug #1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView https://bugzilla.redhat.com/show_bug.cgi?id=1861465 [ 3 ] Bug #1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP https://bugzilla.redhat.com/show_bug.cgi?id=1861466 [ 4 ] Bug #1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS https://bugzilla.redhat.com/show_bug.cgi?id=1861467 [ 5 ] Bug #1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1861468 [ 6 ] Bug #1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB https://bugzilla.redhat.com/show_bug.cgi?id=1861469 [ 7 ] Bug #1867939 - CVE-2020-6542 chromium-browser: Use after free in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=1867939 [ 8 ] Bug #1867940 - CVE-2020-6543 chromium-browser: Use after free in task scheduling https://bugzilla.redhat.com/show_bug.cgi?id=1867940 [ 9 ] Bug #1867941 - CVE-2020-6544 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1867941 [ 10 ] Bug #1867942 - CVE-2020-6545 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1867942 [ 11 ] Bug #1867943 - CVE-2020-6546 chromium-browser: Inappropriate implementation in installer https://bugzilla.redhat.com/show_bug.cgi?id=1867943 [ 12 ] Bug #1867944 - CVE-2020-6547 chromium-browser: Incorrect security UI in media https://bugzilla.redhat.com/show_bug.cgi?id=1867944 [ 13 ] Bug #1867945 - CVE-2020-6548 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1867945 [ 14 ] Bug #1867946 - CVE-2020-6549 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1867946 [ 15 ] Bug #1867947 - CVE-2020-6550 chromium-browser: Use after free in IndexedDB https://bugzilla.redhat.com/show_bug.cgi?id=1867947 [ 16 ] Bug #1867948 - CVE-2020-6551 chromium-browser: Use after free in WebXR https://bugzilla.redhat.com/show_bug.cgi?id=1867948 [ 17 ] Bug #1867949 - CVE-2020-6552 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1867949 [ 18 ] Bug #1867950 - CVE-2020-6553 chromium-browser: Use after free in offline mode https://bugzilla.redhat.com/show_bug.cgi?id=1867950 [ 19 ] Bug #1867951 - CVE-2020-6554 chromium-browser: Use after free in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1867951 [ 20 ] Bug #1867952 - CVE-2020-6555 chromium-browser: Out of bounds read in WebGL https://bugzilla.redhat.com/show_bug.cgi?id=1867952 [ 21 ] Bug #1870002 - CVE-2020-6556 chromium-browser: Heap buffer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1870002 [ 22 ] Bug #1872945 - CVE-2020-6559 chromium-browser: Use after free in presentation API https://bugzilla.redhat.com/show_bug.cgi?id=1872945 [ 23 ] Bug #1872946 - CVE-2020-6560 chromium-browser: Insufficient policy enforcement in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1872946 [ 24 ] Bug #1872947 - CVE-2020-6561 chromium-browser: Inappropriate implementation in Content Security Policy https://bugzilla.redhat.com/show_bug.cgi?id=1872947 [ 25 ] Bug #1872948 - CVE-2020-6562 chromium-browser: Insufficient policy enforcement in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1872948 [ 26 ] Bug #1872949 - CVE-2020-6563 chromium-browser: Insufficient policy enforcement in intent handling https://bugzilla.redhat.com/show_bug.cgi?id=1872949 [ 27 ] Bug #1872950 - CVE-2020-6564 chromium-browser: Incorrect security UI in permissions https://bugzilla.redhat.com/show_bug.cgi?id=1872950 [ 28 ] Bug #1872951 - CVE-2020-6565 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1872951 [ 29 ] Bug #1872952 - CVE-2020-6566 chromium-browser: Insufficient policy enforcement in media https://bugzilla.redhat.com/show_bug.cgi?id=1872952 [ 30 ] Bug #1872953 - CVE-2020-6567 chromium-browser: Insufficient validation of untrusted input in command line handling https://bugzilla.redhat.com/show_bug.cgi?id=1872953 [ 31 ] Bug #1872955 - CVE-2020-6568 chromium-browser: Insufficient policy enforcement in intent handling https://bugzilla.redhat.com/show_bug.cgi?id=1872955 [ 32 ] Bug #1872956 - CVE-2020-6569 chromium-browser: Integer overflow in WebUSB https://bugzilla.redhat.com/show_bug.cgi?id=1872956 [ 33 ] Bug #1872957 - CVE-2020-6570 chromium-browser: Side-channel information leakage in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1872957 su -c 'dnf upgrade --advisory FEDORA-2020-a1f140614b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References