Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 39: FEDORA-2023-9425bb0115 High: Chromium Use After Free

fedora
Calendar Grey November 23, 2023
Dist Fedora Esm H88
Important news for Fedora 39 users: The latest Chromium release addresses significant security vulnerabilities, thereby improving overall web navigation.
update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use after free in Garbage Collection - High CVE-2023-6112, use after free in Navigation ---- Fix bz#22...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use after free in Garbage Collection - High CVE-2023-6112, use after free in Navigation ---- Fix bz#2240127, audio/video decode issue in chromium

Topics%20covered

Topics Covered

security advisory high severity Fedora security fix chromium use after free

Change Log

* Sun Nov 19 2023 Than Ngo - 119.0.6045.159-2 - fix ffmpeg conflicts * Wed Nov 15 2023 Than Ngo - 119.0.6045.159-1 - update to 119.0.6045.159, upstream security release High CVE-2023-5997, use after free in Garbage Collection High CVE-2023-6112, use after free in Navigation - add Requires/Conflicts for ABI break in fmpeg-free 6.0.1 - drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1 - fixed python3 syntaxWarning: invalid escape sequenc - skip clang's patches for epel8 that now gets clang-16 update * Mon Nov 13 2023 Than Ngo - 119.0.6045.123-2 - fixed bz#2240127, Some h.264 mp4s do not play

References


[ 1 ] Bug #2240127 - Some h.264 mp4s do not play on fedora chromium, while they do on other chromium packages (i.e. rpm build from source, flatpak) https://bugzilla.redhat.com/show_bug.cgi?id=2240127 [ 2 ] Bug #2246427 - Using this package, the only way to stay relatively current with security patches is to use the rawhide build. All other builds, including from testing, are consistently behind. https://bugzilla.redhat.com/show_bug.cgi?id=2246427 [ 3 ] Bug #2250169 - Missing security patches from 119.0.6045.159 https://bugzilla.redhat.com/show_bug.cgi?id=2250169 [ 4 ] Bug #2250775 - CVE-2023-6112 chromium: chromium-browser: Use after free in Navigation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250775 [ 5 ] Bug #2250777 - CVE-2023-5997 chromium: chromium-browser: use-after-free in Garbage Collection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250777

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-9425bb0115' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: chromium
Product: Fedora 39
Version: 119.0.6045.159
Release: 2.fc39
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory high severity Fedora security fix chromium use after free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here