Security: Multiple issues in chromium
Name: Multiple issues in chromium
ID: FEDORA-2020-da49fbb17c
Distribution: Fedora
Platforms: Fedora 31
Date: Sun, 17 May 2020, 08:02
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
Applications: Chromium

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-da49fbb17c
2020-05-17 03:48:03.467101
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 31
Version : 81.0.4044.138
Release : 1.fc31
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Are you ready, kids? I said, are you ready? Whoooooo has another update for you
to see? Google Chromium! For browsing and tweeting (but not FTP) Google
Chromium! If improved security be something you wish Google Chromium! Then run
dnf while you flop like a fish! Google Chromium! Google Chromium! Google
Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following
security vulnerabilities:

* CVE-2020-6464
* CVE-2020-6461
* CVE-2020-6462

*Not sorry

----

Another day, another chromium update. This one fixes:

CVE-2020-6458 CVE-2020-6459 CVE-2020-6460

----

Fix dependency issue introduced when switching from a "shared" build to a
"static" build.

----

A new major version of Chromium without any security bugs! Just kidding. Here's
the CVE list:

CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441
CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446
CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457

Oh, and this build switches over to a static build, so the chromium-libs and
chromium-libs-media subpackages are now obsolete, but it should be slightly
better for performance.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 7 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.138-1
- update to 81.0.4044.138
* Tue May 5 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.129-1
- update to 81.0.4044.129
* Thu Apr 23 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.122-1
- update to 81.0.4044.122
* Tue Apr 21 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.113-2
- add explicit Requires: chromium-common
* Thu Apr 16 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.113-1
- update to 81.0.4044.113
* Mon Apr 13 2020 Tom Callaway <spot@fedoraproject.org> - 81.0.4044.92-1
- update to 81.0.4044.92
- squelch the selinux output in the post scriptlet
- add Provides/Obsoletes in case we're built with shared set to 0
- add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds either)
- do static build
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822604
[ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1822605
[ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in
WebSQL
https://bugzilla.redhat.com/show_bug.cgi?id=1822606
[ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822607
[ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation
of untrusted input in clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1822608
[ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy
enforcement in full screen
https://bugzilla.redhat.com/show_bug.cgi?id=1822609
[ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822610
[ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in
devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1822611
[ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822612
[ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in
window management
https://bugzilla.redhat.com/show_bug.cgi?id=1822613
[ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate
implementation in WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1822614
[ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822615
[ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy
enforcement in navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1822616
[ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate
implementation in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822617
[ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy
enforcement in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1822618
[ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate
implementation in cache
https://bugzilla.redhat.com/show_bug.cgi?id=1822619
[ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data
validation in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822620
[ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in
WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1822621
[ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy
enforcement in trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822622
[ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy
enforcement in trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822623
[ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate
implementation in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822624
[ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822625
[ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in
speech recognizer
https://bugzilla.redhat.com/show_bug.cgi?id=1824949
[ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in
payments
https://bugzilla.redhat.com/show_bug.cgi?id=1827379
[ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data
validation in URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1827380
[ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and
write in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1827381
[ 27 ] Bug #1828859 - CVE-2020-6462 chromium-browser: Use after free in task
scheduling
https://bugzilla.redhat.com/show_bug.cgi?id=1828859
[ 28 ] Bug #1828860 - CVE-2020-6461 chromium-browser: Use after free in
storage
https://bugzilla.redhat.com/show_bug.cgi?id=1828860
[ 29 ] Bug #1832488 - CVE-2020-6464 chromium-browser: Type Confusion in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1832488
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-da49fbb17c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
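
To confirm that a host actually carries the fixed build after running the upgrade, the following added example (not part of the Fedora notification) compares the installed chromium Version-Release against 81.0.4044.138-1.fc31 and prints the package signature. The function names `at_or_above`, `classify` and `check_host` are hypothetical, and the `.fc31` suffix on the sample ChangeLog versions is constructed.

```shell
#!/bin/sh
# Added example: check a host against FEDORA-2020-da49fbb17c.
FIXED="81.0.4044.138-1.fc31"   # Version-Release from the advisory

# Return 0 if $1 is at or above $2. Uses GNU sort -V, which orders dotted
# numeric fields numerically. This approximates RPM's own comparison and is
# adequate for Chromium's a.b.c.d-N scheme; a plain string comparison would
# wrongly rank 81.0.4044.92 above 81.0.4044.138.
at_or_above() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify one installed Version-Release string.
classify() {
    if at_or_above "$1" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Query the local RPM database; only meaningful on the Fedora 31 host itself.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' chromium) || {
        echo "chromium not installed"; return 3; }
    echo "chromium $installed: $(classify "$installed")"
    # Show the signature on the installed package for comparison with the
    # key fingerprints published at https://fedoraproject.org/keys
    rpm -q --qf '%{SIGPGP:pgpsig}\n' chromium
    [ "$(classify "$installed")" = "patched" ]
}

# Constructed sample inputs based on the advisory's ChangeLog entries.
for v in 81.0.4044.92-1.fc31 81.0.4044.129-1.fc31 81.0.4044.138-1.fc31; do
    echo "$v -> $(classify "$v")"
done
```

Call `check_host` on the machine being audited; it returns non-zero when chromium is older than the fixed build.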
--------------------------------------------------------------------------------