Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: Update FEDORA-2024-0a4a65f805 for Chromium Critical Issues

fedora
Calendar Grey September 14, 2024
Dist Fedora Esm H88
Important security notice issued for Fedora 40 involving updates for chromium that tackle urgent vulnerabilities alongside suggested remediation steps.
update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * Hi...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill

Topics%20covered

Topics Covered

security advisory Fedora DoS heap overflow browser update type confusion media router

Change Log

* Wed Sep 11 2024 Than Ngo - 128.0.6613.137-1 - update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill

References


[ 1 ] Bug #2311182 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2311182 [ 2 ] Bug #2311196 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2311196 [ 3 ] Bug #2311225 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2311225 [ 4 ] Bug #2311373 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2311373 [ 5 ] Bug #2311378 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2311378 [ 6 ] Bug #2311393 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2311...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0a4a65f805' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 40
Version: 128.0.6613.137
Release: 1.fc40
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory Fedora DoS heap overflow browser update type confusion media router

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here