Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Debian 12: 2023-0c12bc8454 Urgent: Firefox Vulnerability Patch

fedora
Calendar Grey November 3, 2023
Dist Fedora Esm H88
Significant enhancement for Chromium in Fedora 39 addresses multiple concerns such as memory corruption and flawed operations.
update to 118.0.5993.117

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 118.0.5993.117. Security release for CVE-2023-5472 ---- Update to 118.0.5993.88 ---- Update to 118.0.5993.70. Include following security fixes: - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after fre...

Topics%20covered

Topics Covered

security advisory fedora critical software update security fix web browser chromium

Change Log

* Wed Oct 25 2023 Than Ngo - 118.0.5993.117-1 - update to 118.0.5993.117 * Wed Oct 18 2023 Than Ngo - 118.0.5993.88-1 - update to 118.0.5993.88 - cleanup the package dependencies * Mon Oct 16 2023 Than Ngo - 118.0.5993.70-2 - fix tab crash with SIGTRAP when using system ffmpeg * Wed Oct 11 2023 Than Ngo - 118.0.5993.70-1 - update to 118.0.5993.70 - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after free in Cast. * Sat Oct 7 2023 Than Ngo - 118.0.5993.54-1 - update to 118.0.5993.54 - drop use_gnome_keyring as it's removed by upstream * Thu Oct 5 2023 Than Ngo - 117.0.5938.149-1 - update to 117.0.5938.149 - fix CVE-2023-5346: Type Confusion in V8

References


[ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242073 [ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242074 [ 3 ] Bug #2246173 - CVE-2023-5472 chromium: chromium-browser: Use after free in Profiles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2246173 [ 4 ] Bug #2246174 - CVE-2023-5472 chromium: chromium-browser: Use after free in Profiles [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2246174 [ 5 ] Bug #2246427 - Using this package, the only way to stay relatively current with security patches is to use the rawhide build. All other builds, including from testing, are consistently behind. https://bugzilla.redhat.com/show_bug.cgi?id=2246427

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0b39dc9302' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 39
Version: 118.0.5993.117
Release: 1.fc39
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory fedora critical software update security fix web browser chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here