Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in chromium
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in chromium
ID: FEDORA-2020-08561721ad
Distribution: Fedora
Plattformen: Fedora 32
Datum: Do, 2. Juli 2020, 07:06
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490
Applikationen: Chromium

Originalnachricht

 
-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-08561721ad
2020-07-02 01:11:03.368832
-------------------------------------------------------------------------------
-

Name        : chromium
Product     : Fedora 32
Version     : 83.0.4103.116
Release     : 3.fc32
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

-------------------------------------------------------------------------------
-
Update Information:

Update to 83.0.4103.116. Fixes CVE-2020-6509.  ----  Black Lives Matter. Saying
this does not mean that other lives do not matter. It should not be
controversial to say this. If I say Chromium updates matter, it does not mean
that other Fedora packages do not matter, it means that a Chromium update is
needed to fix this giant pile of severe security vulnerabilities, here, today,
now:  CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507  In
 making
that analogy, I do not intend to trivialize BLM. In no way do I mean to compare
the lives of people to a silly web browser update. People are infinitely
important than software.  But since I'm here to push this software update
 out, I
am also choosing to say clearly and unambiguously that Black Lives Matter.
Open Source proves that many voices, many contributions, together can change
 the
world. It depends on it. This is my voice.
-------------------------------------------------------------------------------
-
ChangeLog:

* Sat Jun 27 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.116-3
- only set ozone on headless
- enable use_kerberos
* Tue Jun 23 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.116-2
- do not force ozone into x11
* Tue Jun 23 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.116-1
- update to 83.0.4103.116
* Thu Jun 18 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.106-1
- update to 83.0.4103.106
- remove duplicate ServiceWorker fix
- add fix to work around gcc bug on aarch64
- disable python byte compiling (we do not need it)
* Tue Jun 16 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.97-5
- add ServiceWorker fix
* Mon Jun 15 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.97-4
- use old cups handling on epel7
- fix skia attribute overrides with gcc
* Wed Jun 10 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.97-3
- fix issue on epel7 where linux/kcmp.h does not exist
* Mon Jun  8 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.97-2
- more fixes from gentoo
* Sun Jun  7 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.97-1
- update to 83.0.4103.97
* Tue Jun  2 2020 Tom Callaway <spot@fedoraproject.org> - 83.0.4103.61-1
- update to 83.0.4103.61
- conditionalize and disable remoting
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1837877 - CVE-2020-6465 chromium-browser: Use after free in reader
 mode
        https://bugzilla.redhat.com/show_bug.cgi?id=1837877
  [ 2 ] Bug #1837878 - CVE-2020-6466 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1837878
  [ 3 ] Bug #1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1837879
  [ 4 ] Bug #1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1837880
  [ 5 ] Bug #1837882 - CVE-2020-6470 chromium-browser: Insufficient validation
 of untrusted input in clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1837882
  [ 6 ] Bug #1837883 - CVE-2020-6471 chromium-browser: Insufficient policy
 enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837883
  [ 7 ] Bug #1837884 - CVE-2020-6472 chromium-browser: Insufficient policy
 enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837884
  [ 8 ] Bug #1837885 - CVE-2020-6473 chromium-browser: Insufficient policy
 enforcement in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1837885
  [ 9 ] Bug #1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1837886
  [ 10 ] Bug #1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI
 in full screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1837887
  [ 11 ] Bug #1837888 - CVE-2020-6477 chromium-browser: Inappropriate
 implementation in installer
        https://bugzilla.redhat.com/show_bug.cgi?id=1837888
  [ 12 ] Bug #1837889 - CVE-2020-6478 chromium-browser: Inappropriate
 implementation in full screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1837889
  [ 13 ] Bug #1837890 - CVE-2020-6480 chromium-browser: Insufficient policy
 enforcement in enterprise
        https://bugzilla.redhat.com/show_bug.cgi?id=1837890
  [ 14 ] Bug #1837891 - CVE-2020-6481 chromium-browser: Insufficient policy
 enforcement in URL formatting
        https://bugzilla.redhat.com/show_bug.cgi?id=1837891
  [ 15 ] Bug #1837892 - CVE-2020-6482 chromium-browser: Insufficient policy
 enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837892
  [ 16 ] Bug #1837893 - CVE-2020-6483 chromium-browser: Insufficient policy
 enforcement in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1837893
  [ 17 ] Bug #1837894 - CVE-2020-6484 chromium-browser: Insufficient data
 validation in ChromeDriver
        https://bugzilla.redhat.com/show_bug.cgi?id=1837894
  [ 18 ] Bug #1837896 - CVE-2020-6485 chromium-browser: Insufficient data
 validation in media router
        https://bugzilla.redhat.com/show_bug.cgi?id=1837896
  [ 19 ] Bug #1837897 - CVE-2020-6486 chromium-browser: Insufficient policy
 enforcement in navigations
        https://bugzilla.redhat.com/show_bug.cgi?id=1837897
  [ 20 ] Bug #1837898 - CVE-2020-6487 chromium-browser: Insufficient policy
 enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1837898
  [ 21 ] Bug #1837899 - CVE-2020-6488 chromium-browser: Insufficient policy
 enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1837899
  [ 22 ] Bug #1837900 - CVE-2020-6489 chromium-browser: Inappropriate
 implementation in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837900
  [ 23 ] Bug #1837901 - CVE-2020-6490 chromium-browser: Insufficient data
 validation in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=1837901
  [ 24 ] Bug #1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI
 in site information
        https://bugzilla.redhat.com/show_bug.cgi?id=1837902
  [ 25 ] Bug #1837907 - CVE-2020-6469 chromium-browser: Insufficient policy
 enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837907
  [ 26 ] Bug #1837912 - CVE-2020-6476 chromium-browser: Insufficient policy
 enforcement in tab strip
        https://bugzilla.redhat.com/show_bug.cgi?id=1837912
  [ 27 ] Bug #1837927 - CVE-2020-6479 chromium-browser: Inappropriate
 implementation in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1837927
  [ 28 ] Bug #1847268 - CVE-2020-6505 chromium-browser: Use after free in
 speech
        https://bugzilla.redhat.com/show_bug.cgi?id=1847268
  [ 29 ] Bug #1847269 - CVE-2020-6506 chromium-browser: Insufficient policy
 enforcement in WebView
        https://bugzilla.redhat.com/show_bug.cgi?id=1847269
  [ 30 ] Bug #1847270 - CVE-2020-6507 chromium-browser: Out of bounds write in
 V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1847270
  [ 31 ] Bug #1849947 - CVE-2020-6509 chromium-browser: Use after free in
 extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1849947
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-08561721ad' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung