Fedora 32: chromium 2021-141d8640ce | LinuxSecurity.com

Advisories

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-141d8640ce
2021-04-07 15:25:36.031794
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 32
Version     : 89.0.4389.90
Release     : 3.fc32
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Fix issue where chromium would crash upon accessing components/cast_*. Thanks to
Gentoo for the patch.  It also fixes some security issues, because why not:
CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 25 2021 Tom Callaway  - 89.0.4389.90-3
- apply upstream fix for newer system libva
* Wed Mar 24 2021 Tom Callaway  - 89.0.4389.90-2
- fix crashes with components/cast_*
* Thu Mar 18 2021 Tom Callaway  - 89.0.4389.90-1
- update to 89.0.4389.90
- disable auto-download of widevine binary only blob
* Mon Mar 15 2021 Tom Callaway  - 89.0.4389.82-2
- add support for futex_time64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1939460 - CVE-2021-21191 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1939460
  [ 2 ] Bug #1939461 - CVE-2021-21192 chromium-browser: Heap buffer overflow in tab groups
        https://bugzilla.redhat.com/show_bug.cgi?id=1939461
  [ 3 ] Bug #1939462 - CVE-2021-21193 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1939462
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-141d8640ce' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 32: chromium 2021-141d8640ce

April 7, 2021
Fix issue where chromium would crash upon accessing components/cast_*

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Fix issue where chromium would crash upon accessing components/cast_*. Thanks to Gentoo for the patch. It also fixes some security issues, because why not: CVE-2021-21191 CVE-2021-21192 CVE-2021-21193

Change Log

* Thu Mar 25 2021 Tom Callaway - 89.0.4389.90-3 - apply upstream fix for newer system libva * Wed Mar 24 2021 Tom Callaway - 89.0.4389.90-2 - fix crashes with components/cast_* * Thu Mar 18 2021 Tom Callaway - 89.0.4389.90-1 - update to 89.0.4389.90 - disable auto-download of widevine binary only blob * Mon Mar 15 2021 Tom Callaway - 89.0.4389.82-2 - add support for futex_time64

References

[ 1 ] Bug #1939460 - CVE-2021-21191 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1939460 [ 2 ] Bug #1939461 - CVE-2021-21192 chromium-browser: Heap buffer overflow in tab groups https://bugzilla.redhat.com/show_bug.cgi?id=1939461 [ 3 ] Bug #1939462 - CVE-2021-21193 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1939462

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-141d8640ce' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : chromium
Product : Fedora 32
Version : 89.0.4389.90
Release : 3.fc32
URL : https://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.