Fedora 32: chromium FEDORA-2020-17149a4f3d

    Date 27 Mar 2020
    202
    Posted By LinuxSecurity Advisories
    Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-17149a4f3d
    2020-03-27 07:58:57.670570
    --------------------------------------------------------------------------------
    
    Name        : chromium
    Product     : Fedora 32
    Version     : 80.0.3987.149
    Release     : 1.fc32
    URL         : https://www.chromium.org/Home
    Summary     : A WebKit (Blink) powered web browser
    Description :
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only
    lists these CVEs:  * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use
    after free in media * CVE-2020-6425: Insufficient policy enforcement in
    extensions.  * CVE-2020-6426: Inappropriate implementation in V8 *
    CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
    * CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read
    in usersctplib. * CVE-2020-6449: Use after free in audio
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Wed Mar 18 2020 Tom Callaway  - 80.0.3987.149-1
    - update to 80.0.3987.149
    * Thu Feb 27 2020 Tom Callaway  - 80.0.3987.132-1
    - update to 80.0.3987.132
    - disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)
    * Thu Feb 27 2020 Tom Callaway  - 80.0.3987.122-1
    - update to 80.0.3987.122
    * Mon Feb 17 2020 Tom Callaway  - 80.0.3987.106-1
    - update to 80.0.3987.106
    * Wed Feb  5 2020 Tom Callaway  - 80.0.3987.87-1
    - update to 80.0.3987.87
    * Tue Jan 28 2020 Fedora Release Engineering  - 79.0.3945.130-2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media
            https://bugzilla.redhat.com/show_bug.cgi?id=1815241
      [ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions
            https://bugzilla.redhat.com/show_bug.cgi?id=1815242
      [ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
            https://bugzilla.redhat.com/show_bug.cgi?id=1815243
      [ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1815244
      [ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1815245
      [ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1815247
      [ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio
            https://bugzilla.redhat.com/show_bug.cgi?id=1815248
      [ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL
            https://bugzilla.redhat.com/show_bug.cgi?id=1815259
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-17149a4f3d' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"94","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.08,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.