Back
    Linux Security
    Linux Security
    Linux Security

    Fedora 32: chromium 2021-d9faeff8eb

    Date 22 Jan 2021
    Category Fedora Linux Distribution - Security Advisories
    217
    Posted By LinuxSecurity Advisories
    Update to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116 
    --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d9faeff8eb
2021-01-23 01:29:49.091278
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 32
Version     : 87.0.4280.141
Release     : 1.fc32
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 87.0.4280.141. Fixes:  CVE-2021-21106 CVE-2021-21107 CVE-2021-21108
CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112  CVE-2021-21113
CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 13 2021 Tom Callaway  - 87.0.4280.141-1
- update to 87.0.4280.141
* Wed Dec 30 2020 Tom Callaway  - 87.0.4280.88-2
- rebuild against new gcc (rawhide)
* Thu Dec 17 2020 Tom Callaway  - 87.0.4280.88-1.1
- add two patches for missing headers to build with gcc 11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1913624 - CVE-2021-21106 chromium-browser: Use after free in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1913624
  [ 2 ] Bug #1913625 - CVE-2021-21107 chromium-browser: Use after free in drag and drop
        https://bugzilla.redhat.com/show_bug.cgi?id=1913625
  [ 3 ] Bug #1913626 - CVE-2021-21108 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1913626
  [ 4 ] Bug #1913627 - CVE-2021-21109 chromium-browser: Use after free in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1913627
  [ 5 ] Bug #1913629 - CVE-2021-21110 chromium-browser: Use after free in safe browsing
        https://bugzilla.redhat.com/show_bug.cgi?id=1913629
  [ 6 ] Bug #1913630 - CVE-2021-21111 chromium-browser: Insufficient policy enforcement in WebUI
        https://bugzilla.redhat.com/show_bug.cgi?id=1913630
  [ 7 ] Bug #1913631 - CVE-2021-21112 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1913631
  [ 8 ] Bug #1913632 - CVE-2021-21113 chromium-browser: Heap buffer overflow in Skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1913632
  [ 9 ] Bug #1913633 - CVE-2020-16043 chromium-browser: Insufficient data validation in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1913633
  [ 10 ] Bug #1913634 - CVE-2021-21114 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1913634
  [ 11 ] Bug #1913635 - CVE-2020-15995 chromium-browser: Out of bounds write in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1913635
  [ 12 ] Bug #1913636 - CVE-2021-21115 chromium-browser: Use after free in safe browsing
        https://bugzilla.redhat.com/show_bug.cgi?id=1913636
  [ 13 ] Bug #1913637 - CVE-2021-21116 chromium-browser: Heap buffer overflow in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1913637
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-d9faeff8eb' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers
    Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers
    Sysdig Donates Module to CNCF to Improve Linux Security
    Sysdig Donates Module to CNCF to Improve Linux Security
    LS Hmepg 337x500 2 Esm W120
    'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security
    Top Linux distro tells users: Stop using out of date versions, update your software now
    Top Linux distro tells users: Stop using out of date versions, update your software now

    Advisories

    Debian: DSA-4864-1: python-aiohttp security update
    Date 26 Feb 2021 @ 22:32
    SUSE: 2021:58-1 suse/sle15 Security Update
    Date 26 Feb 2021 @ 22:05
    openSUSE: 2021:0349-1 important: python-cryptography
    Date 26 Feb 2021 @ 14:17
    Fedora 33: kernel 2021-7143aca8cb
    Date 26 Feb 2021 @ 13:55

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200
    Phishing Is The #1 Cybersecurity Threat Businesses Face

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy