Fedora 35: FEDORA-2022-d1a15f9cdb Critical: Chromium Update Issues

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Chromium to 99.0.4844.51. Fixes, well, a LOT of security bugs. Sorry

about that. CVE-2021-22570 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098

CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103

CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108

CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113

CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118

CVE-2022-0120 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792

CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797

CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802

CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807

CVE-2022-0808 CVE-2022-0809

* Sat Mar 5 2022 Tom Callaway - 99.0.4844.5-1

- update to 99.0.4844.5

* Fri Feb 25 2022 Tom Callaway - 98.0.4758.102-1

- update to 98.0.4758.102

- fix build issue with subzero and gcc12

* Tue Feb 8 2022 Tom Callaway - 98.0.4758.80-1

- update to 98.0.4758.80

* Sat Feb 5 2022 Jiri Vanek - 96.0.4664.110-9

- Rebuilt for java-17-openjdk as system jdk

* Wed Jan 19 2022 Fedora Release Engineering - 96.0.4664.110-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Wed Jan 5 2022 Tom Callaway - 96.0.4664.110-7

- i hate regex. trying again

* Tue Jan 4 2022 Tom Callaway - 96.0.4664.110-6

- always filter provides, was previously inside conditional for shared builds

* Mon Jan 3 2022 Tom Callaway - 96.0.4664.110-5

- fix provides filtering to be more inclusive (and work properly)

* Thu Dec 30 2021 Tom Callaway - 96.0.4664.110-4

- package up more swiftshader/angle stuff

- move swiftshader files to -common so headless can use them

[ 1 ] Bug #2037457 - CVE-2022-0096 chromium-browser: Use after free in Storage

https://bugzilla.redhat.com/show_bug.cgi?id=2037457

[ 2 ] Bug #2037458 - CVE-2022-0097 chromium-browser: Inappropriate implementation in DevTools

https://bugzilla.redhat.com/show_bug.cgi?id=2037458

[ 3 ] Bug #2037459 - CVE-2022-0098 chromium-browser: Use after free in Screen Capture

https://bugzilla.redhat.com/show_bug.cgi?id=2037459

[ 4 ] Bug #2037460 - CVE-2022-0099 chromium-browser: Use after free in Sign-in

https://bugzilla.redhat.com/show_bug.cgi?id=2037460

[ 5 ] Bug #2037461 - CVE-2022-0100 chromium-browser: Heap buffer overflow in Media streams API

https://bugzilla.redhat.com/show_bug.cgi?id=2037461

[ 6 ] Bug #2037462 - CVE-2022-0101 chromium-browser: Heap buffer overflow in Bookmarks

https://bugzilla.redhat.com/show_bug.cgi?id=2037462

[ 7 ] Bug #2037463 - CVE-2022-0102 chromium-browser: Type Confusion in V8

https://bugzilla.redhat.com/show_bug.cgi?id=2037463

[ 8 ] Bug #2037464 - CVE-2022-0103 chromium-browser: Use after free in SwiftShader

https://bugzilla.redhat.com/show_bug.cgi?id=2037464

[ 9 ] Bug #2037465 - CVE-2022-0104 chromium-browser: Heap buffer overflow in ANGLE

https://bugzilla.redhat.com/show_bug.cgi?id=2037465

[ 10 ] Bug #2037466 - CVE-2022-0105 chromium-browser: Use after free in PDF

https://bugzilla.redhat.com/show_bug.cgi?id=2037466

[ 11 ] Bug #2037467 - CVE-2022-0106 chromium-browser: Use after free in Autofill

https://bugzilla.redhat.com/show_bug.cgi?id=2037467

[ 12 ] Bug #2037468 - CVE-2022-0107 chromium-browser: Use after free in File Manager API

https://bugzilla.redhat.com/show_bug.cgi?id=2037468

[ 13 ] Bug #2037469 - CVE-2022-0108 chromium-browser: Inappropriate implementation in Navigation

https://bugzilla.redhat.com/show_bug.cgi?id=2037469

[ 14 ] Bug #2037470 - CVE-2022-0109 chromium-browser: Inappropriate implementation in Autofill

https://bugzilla.redhat.com/show_bug.cgi?id=2037470

[ 15 ] Bug #2037471 - CVE-2022-0110 chromium-browser: Incorrect security UI in Autofill

https://bugzilla.redhat.com/show_bug.cgi?id=2037471

[ 16 ] Bug #2037472 - CVE-2022-0111 chromium-browser: Inappropriate implementation in Navigation

https://bugzilla.redhat.com/show_bug.cgi?id=2037472

[ 17 ] Bug #2037473 - CVE-2022-0112 chromium-browser: Incorrect security UI in Browser UI

https://bugzilla.redhat.com/show_bug.cgi?id=2037473

[ 18 ] Bug #2037474 - CVE-2022-0113 chromium-browser: Inappropriate implementation in Blink

https://bugzilla.redhat.com/show_bug.cgi?id=2037474

[ 19 ] Bug #2037475 - CVE-2022-0114 chromium-browser: Out of bounds memory access in Web Serial

https://bugzilla.redhat.com/show_bug.cgi?id=2037475

[ 20 ] Bug #2037476 - CVE-2022-0115 chromium-browser: Uninitialized Use in File API

https://bugzilla.redhat.com/show_bug.cgi?id=2037476

[ 21 ] Bug #2037477 - CVE-2022-0116 chromium-browser: Inappropriate implementation in Compositing

https://bugzilla.redhat.com/show_bug.cgi?id=2037477

[ 22 ] Bug #2037478 - CVE-2022-0117 chromium-browser: Policy bypass in Service Workers

https://bugzilla.redhat.com/show_bug.cgi?id=2037478

[ 23 ] Bug #2037479 - CVE-2022-0118 chromium-browser: Inappropriate implementation in WebShare

https://bugzilla.redhat.com/show_bug.cgi?id=2037479

[ 24 ] Bug #2037480 - CVE-2022-0120 chromium-browser: Inappropriate implementation in Passwords

https://bugzilla.redhat.com/show_bug.cgi?id=2037480

[ 25 ] Bug #2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

https://bugzilla.redhat.com/show_bug.cgi?id=2049429

[ 26 ] Bug #2059898 - CVE-2022-0789 chromium-browser: Heap buffer overflow in ANGLE

https://bugzilla.redhat.com/show_bug.cgi?id=2059898

[ 27 ] Bug #2059900 - CVE-2022-0791 chromium-browser: Use after free in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=2059900

[ 28 ] Bug #2059901 - CVE-2022-0792 chromium-browser: Out of bounds read in ANGLE

https://bugzilla.redhat.com/show_bug.cgi?id=2059901

[ 29 ] Bug #2059902 - CVE-2022-0793 chromium-browser: Use after free in Views

https://bugzilla.redhat.com/show_bug.cgi?id=2059902

[ 30 ] Bug #2059905 - CVE-2022-0796 chromium-browser: Use after free in Media

https://bugzilla.redhat.com/show_bug.cgi?id=2059905

[ 31 ] Bug #2059910 - CVE-2022-0801 chromium-browser: Inappropriate implementation in HTML parser

https://bugzilla.redhat.com/show_bug.cgi?id=2059910

[ 32 ] Bug #2059911 - CVE-2022-0802 chromium-browser: Inappropriate implementation in Full screen mode

https://bugzilla.redhat.com/show_bug.cgi?id=2059911

[ 33 ] Bug #2059912 - CVE-2022-0803 chromium-browser: Inappropriate implementation in Permissions

https://bugzilla.redhat.com/show_bug.cgi?id=2059912

[ 34 ] Bug #2059913 - CVE-2022-0804 chromium-browser: Inappropriate implementation in Full screen mode

https://bugzilla.redhat.com/show_bug.cgi?id=2059913

[ 35 ] Bug #2059914 - CVE-2022-0805 chromium-browser: Use after free in Browser Switcher

https://bugzilla.redhat.com/show_bug.cgi?id=2059914

[ 36 ] Bug #2059915 - CVE-2022-0806 chromium-browser: Data leak in Canvas

https://bugzilla.redhat.com/show_bug.cgi?id=2059915

[ 37 ] Bug #2059916 - CVE-2022-0807 chromium-browser: Inappropriate implementation in Autofill

https://bugzilla.redhat.com/show_bug.cgi?id=2059916

su -c 'dnf upgrade --advisory FEDORA-2022-d1a15f9cdb' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure