Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in chromium
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in chromium
ID: FEDORA-2020-0e7f1b663b
Distribution: Fedora
Plattformen: Fedora 30
Datum: So, 3. Mai 2020, 09:13
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
Applikationen: Chromium

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-0e7f1b663b
2020-05-03 04:40:20.140369
-------------------------------------------------------------------------------
-

Name : chromium
Product : Fedora 30
Version : 81.0.4044.122
Release : 1.fc30
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

-------------------------------------------------------------------------------
-
Update Information:

Another day, another chromium update. This one fixes: CVE-2020-6458
CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced when
switching from a "shared" build to a "static" build. ---- A
new major version
of Chromium without any security bugs! Just kidding. Here's the CVE list:
CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441
CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446
CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457 Oh, and this build
switches over to a static build, so the chromium-libs and chromium-libs-media
subpackages are now obsolete, but it should be slightly better for performance.
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Apr 23 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.122-1
- update to 81.0.4044.122
* Tue Apr 21 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.113-2
- add explicit Requires: chromium-common
* Thu Apr 16 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.113-1
- update to 81.0.4044.113
* Mon Apr 13 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.92-1
- update to 81.0.4044.92
- squelch the selinux output in the post scriptlet
- add Provides/Obsoletes in case we're build with shared set to 0
- add ulimit -n 4096 (needed for static builds, probably not harmful for shared
builds either)
- do static build
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822604
[ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1822605
[ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in
WebSQL
https://bugzilla.redhat.com/show_bug.cgi?id=1822606
[ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822607
[ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation
of untrusted input in clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1822608
[ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy
enforcement in full screen
https://bugzilla.redhat.com/show_bug.cgi?id=1822609
[ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822610
[ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in
devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1822611
[ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822612
[ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in
window management
https://bugzilla.redhat.com/show_bug.cgi?id=1822613
[ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate
implementation in WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1822614
[ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822615
[ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy
enforcement in navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1822616
[ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate
implementation in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822617
[ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy
enforcement in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1822618
[ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate
implementation in cache
https://bugzilla.redhat.com/show_bug.cgi?id=1822619
[ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data
validation in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822620
[ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in
WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1822621
[ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy
enforcement in trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822622
[ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy
enforcement in trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822623
[ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate
implementation in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822624
[ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822625
[ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in
speech recognizer
https://bugzilla.redhat.com/show_bug.cgi?id=1824949
[ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in
payments
https://bugzilla.redhat.com/show_bug.cgi?id=1827379
[ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data
validation in URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1827380
[ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and
write in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1827381
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0e7f1b663b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung