Fedora 36: chromium 2022-1d3d5a0341 | LinuxSecurity.com
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1d3d5a0341
2022-07-28 01:26:41.098825
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 36
Version     : 103.0.5060.114
Release     : 1.fc36
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 103.0.5060.114. Fixes:  CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164
CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 13 2022 Tom Callaway  - 103.0.5060.114-1
- update to 103.0.5060.114
* Wed Jun 22 2022 Tom Callaway  - 103.0.5060.53-1
- update to 103.0.5060.53
* Thu Jun 16 2022 Tom Callaway  - 102.0.5005.115-2
- fix minizip Requires for EL9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2099947 - CVE-2022-2156 chromium-browser: Use after free in Base
        https://bugzilla.redhat.com/show_bug.cgi?id=2099947
  [ 2 ] Bug #2099948 - CVE-2022-2157 chromium-browser: Use after free in Interest groups
        https://bugzilla.redhat.com/show_bug.cgi?id=2099948
  [ 3 ] Bug #2099949 - CVE-2022-2158 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2099949
  [ 4 ] Bug #2099950 - CVE-2022-2160 chromium-browser: Insufficient policy enforcement in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2099950
  [ 5 ] Bug #2099951 - CVE-2022-2161 chromium-browser: Use after free in WebApp Provider
        https://bugzilla.redhat.com/show_bug.cgi?id=2099951
  [ 6 ] Bug #2099952 - CVE-2022-2162 chromium-browser: Insufficient policy enforcement in File System API
        https://bugzilla.redhat.com/show_bug.cgi?id=2099952
  [ 7 ] Bug #2099953 - CVE-2022-2163 chromium-browser: Use after free in Cast UI and Toolbar
        https://bugzilla.redhat.com/show_bug.cgi?id=2099953
  [ 8 ] Bug #2099954 - CVE-2022-2164 chromium-browser: Inappropriate implementation in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2099954
  [ 9 ] Bug #2099955 - CVE-2022-2165 chromium-browser: Insufficient data validation in URL formatting
        https://bugzilla.redhat.com/show_bug.cgi?id=2099955
  [ 10 ] Bug #2103854 - CVE-2022-2294 chromium-browser: Heap buffer overflow in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=2103854
  [ 11 ] Bug #2103855 - CVE-2022-2295 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2103855
  [ 12 ] Bug #2103856 - CVE-2022-2296 chromium-browser: Use after free in Chrome OS Shell
        https://bugzilla.redhat.com/show_bug.cgi?id=2103856
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1d3d5a0341' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 36: chromium 2022-1d3d5a0341

July 27, 2022
Update to 103.0.5060.114

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 103.0.5060.114. Fixes: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296

Change Log

* Wed Jul 13 2022 Tom Callaway - 103.0.5060.114-1 - update to 103.0.5060.114 * Wed Jun 22 2022 Tom Callaway - 103.0.5060.53-1 - update to 103.0.5060.53 * Thu Jun 16 2022 Tom Callaway - 102.0.5005.115-2 - fix minizip Requires for EL9

References

[ 1 ] Bug #2099947 - CVE-2022-2156 chromium-browser: Use after free in Base https://bugzilla.redhat.com/show_bug.cgi?id=2099947 [ 2 ] Bug #2099948 - CVE-2022-2157 chromium-browser: Use after free in Interest groups https://bugzilla.redhat.com/show_bug.cgi?id=2099948 [ 3 ] Bug #2099949 - CVE-2022-2158 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2099949 [ 4 ] Bug #2099950 - CVE-2022-2160 chromium-browser: Insufficient policy enforcement in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2099950 [ 5 ] Bug #2099951 - CVE-2022-2161 chromium-browser: Use after free in WebApp Provider https://bugzilla.redhat.com/show_bug.cgi?id=2099951 [ 6 ] Bug #2099952 - CVE-2022-2162 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=2099952 [ 7 ] Bug #2099953 - CVE-2022-2163 chromium-browser: Use after free in Cast UI and Toolbar https://bugzilla.redhat.com/show_bug.cgi?id=2099953 [ 8 ] Bug #2099954 - CVE-2022-2164 chromium-browser: Inappropriate implementation in Extensions API https://bugzilla.redhat.com/show_bug.cgi?id=2099954 [ 9 ] Bug #2099955 - CVE-2022-2165 chromium-browser: Insufficient data validation in URL formatting https://bugzilla.redhat.com/show_bug.cgi?id=2099955 [ 10 ] Bug #2103854 - CVE-2022-2294 chromium-browser: Heap buffer overflow in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=2103854 [ 11 ] Bug #2103855 - CVE-2022-2295 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2103855 [ 12 ] Bug #2103856 - CVE-2022-2296 chromium-browser: Use after free in Chrome OS Shell https://bugzilla.redhat.com/show_bug.cgi?id=2103856

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1d3d5a0341' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : chromium
Product : Fedora 36
Version : 103.0.5060.114
Release : 1.fc36
URL : https://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.