Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 36: FEDORA-2023-c1741c9724 Critical: Chromium Type Confusion

fedora
Calendar Grey April 21, 2023
Dist Fedora Esm H88
Upgrade to Chromium 112.0.5615.121 for Fedora addresses significant vulnerabilities improving web browser security.
update to 112.0.5615.121

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

update to 112.0.5615.121. Fixes the following security issues: CVE-2023-2004

CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137

CVE-2023-2033

* Mon Apr 17 2023 Than Ngo - 112.0.5615.121-2

- fix vaapi issue on xwayland

- fix the build order, chrome_feed_response_metadata.pb.h file not found

- fix compiler flags and typo

* Sat Apr 15 2023 Than Ngo - 112.0.5615.121-1

- update to 112.0.5615.121

[ 1 ] Bug #2186431 - CVE-2023-2004 chromium: freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2186431

[ 2 ] Bug #2186878 - CVE-2023-2033 chromium: chromium-browser: Type Confusion in V8 [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2186878

[ 3 ] Bug #2186879 - CVE-2023-2033 chromium: chromium-browser: Type Confusion in V8 [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2186879

[ 4 ] Bug #2186982 - [chromium] GPU process crashes on AMD

https://bugzilla.redhat.com/show_bug.cgi?id=2186982

[ 5 ] Bug #2187064 - Crash in chromium

https://bugzilla.redhat.com/show_bug.cgi?id=2187064

[ 6 ] Bug #2187346 - Lost ability to apply visual effects

https://bugzilla.redhat.com/show_bug.cgi?id=2187346

[ 7 ] Bug #2187772 - Hardware acceleration for chromium is not available, even when forcing it

https://bugzilla.redhat.com/show_bug.cgi?id=2187772

[ 8 ] Bug #2187900 - CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 chromium: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2187900

[ 9 ] Bug #2187901 - CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 chromium: various flaws [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2187901

su -c 'dnf upgrade --advisory FEDORA-2023-c1741c9724' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory critical Fedora security fix integer overflow Chromium Type Confusion

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 112.0.5615.121
Release: 2.fc36
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory critical Fedora security fix integer overflow Chromium Type Confusion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here