Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 32: FEDORA-2020-17149a4f3d Moderate: Multiple Chromium Issues

fedora
Calendar Grey March 27, 2020
Dist Fedora Esm H88
The latest Chromium update for Fedora tackles various security concerns, specifically targeting vulnerabilities found in audio processing and WebGL.
Update to 80.0.3987.149

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only

lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use

after free in media * CVE-2020-6425: Insufficient policy enforcement in

extensions. * CVE-2020-6426: Inappropriate implementation in V8 *

CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

* CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read

in usersctplib. * CVE-2020-6449: Use after free in audio

* Wed Mar 18 2020 Tom Callaway - 80.0.3987.149-1

- update to 80.0.3987.149

* Thu Feb 27 2020 Tom Callaway - 80.0.3987.132-1

- update to 80.0.3987.132

- disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)

* Thu Feb 27 2020 Tom Callaway - 80.0.3987.122-1

- update to 80.0.3987.122

* Mon Feb 17 2020 Tom Callaway - 80.0.3987.106-1

- update to 80.0.3987.106

* Wed Feb 5 2020 Tom Callaway - 80.0.3987.87-1

- update to 80.0.3987.87

* Tue Jan 28 2020 Fedora Release Engineering - 79.0.3945.130-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media

https://bugzilla.redhat.com/show_bug.cgi?id=1815241

[ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1815242

[ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1815243

[ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1815244

[ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1815245

[ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1815247

[ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio

https://bugzilla.redhat.com/show_bug.cgi?id=1815248

[ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL

https://bugzilla.redhat.com/show_bug.cgi?id=1815259

su -c 'dnf upgrade --advisory FEDORA-2020-17149a4f3d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora update browser policy enforcement webgl audio

Change Log

References

Update Instructions

Product: Fedora 32
Version: 80.0.3987.149
Release: 1.fc32
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser

Topics%20covered

Topics Covered

security advisory fedora update browser policy enforcement webgl audio

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here