Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 38: FEDORA-2023-3bfb63f6d2 Critical: Browser Heap Overflow Issues

fedora
Calendar Grey September 18, 2023
Dist Fedora Esm H88
Fedora 38 has rolled out an update for Chromium addressing several critical problems, such as heap buffer overflows and vulnerabilities associated with use-after-free scenarios.
update to 117.0.5938.62

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 117.0.5938.62. Fixes following security issues: CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 ---- update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863 ---- update to 116.0.5845.179. Fixes following security issues: CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764

Topics%20covered

Topics Covered

security advisory Fedora heap overflow software flaws browser update chromium use after free

Change Log

* Wed Sep 13 2023 Than Ngo - 117.0.5938.62-1 - update to 117.0.5938.62 * Tue Sep 12 2023 Than Ngo - 116.0.5845.187-1 - update to 116.0.5845.187 * Fri Sep 8 2023 Than Ngo - 116.0.5845.179-1 - update to 116.0.5845.179

References


[ 1 ] Bug #2234749 - CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2234749 [ 2 ] Bug #2234750 - CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2234750 [ 3 ] Bug #2235800 - CVE-2023-4572 chromium: chromium-browser: Use after free in MediaStream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235800 [ 4 ] Bug #2235801 - CVE-2023-4572 chromium: chromium-browser: Use after free in MediaStream [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235801 [ 5 ] Bug #2236152 - CVE-2021-29390 chromium: libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236152 [ 6 ] Bug #2237509 - CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 C...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-3bfb63f6d2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 38
Version: 117.0.5938.62
Release: 1.fc38
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory Fedora heap overflow software flaws browser update chromium use after free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here