You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

——————————————————————————–
Fedora Update Notification
FEDORA-2016-d61c4f72da
2016-10-16 18:48:32.066652
——————————————————————————–

Name : chromium
Product : Fedora 24
Version : 53.0.2785.143
Release : 1.fc24
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

——————————————————————————–
Update Information:

Security fix for CVE-2016-5177, CVE-2016-5178
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-
desktop_29.html
——————————————————————————–
References:

[ 1 ] Bug #1380632 – CVE-2016-5178 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1380632
[ 2 ] Bug #1380631 – CVE-2016-5177 chromium-browser: use after free in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1380631
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update chromium’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-2e50862950
2016-10-12 18:56:55.304630
——————————————————————————–

Name : chromium
Product : Fedora 23
Version : 53.0.2785.143
Release : 1.fc23
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

——————————————————————————–
Update Information:

Security fix for CVE-2016-5177, CVE-2016-5178
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-
desktop_29.html —- Update to 53.0.2785.116. https://chromium.googlesource.c
om/chromium/src/+log/53.0.2785.113..53.0.2785.116?pretty=fuller&n=10000 —-
Update to 53.0.2785.113 Security fix for CVE-2016-5170, CVE-2016-5171,
CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175 —- Stable update
to 53.0.2785.101. Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149,
CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154,
CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159,
CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165,
CVE-2016-5166, CVE-2016-5160, CVE-2016-5167 Also applies fix for chrome-remote-
desktop where HOME env variable was not properly set via systemd service.
——————————————————————————–
References:

[ 1 ] Bug #1380632 – CVE-2016-5178 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1380632
[ 2 ] Bug #1380631 – CVE-2016-5177 chromium-browser: use after free in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1380631
[ 3 ] Bug #1375868 – CVE-2016-5175 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1375868
[ 4 ] Bug #1375867 – CVE-2016-5174 chromium-browser: popup not correctly suppressed
https://bugzilla.redhat.com/show_bug.cgi?id=1375867
[ 5 ] Bug #1375866 – CVE-2016-5173 chromium-browser: extension resource access
https://bugzilla.redhat.com/show_bug.cgi?id=1375866
[ 6 ] Bug #1375865 – CVE-2016-5172 chromium-browser: arbitrary memory read in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1375865
[ 7 ] Bug #1375864 – CVE-2016-5171 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1375864
[ 8 ] Bug #1375863 – CVE-2016-5170 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1375863
[ 9 ] Bug #1372229 – CVE-2016-5167 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1372229
[ 10 ] Bug #1372228 – CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1372228
[ 11 ] Bug #1372227 – CVE-2016-5166 chromium-browser: smb relay attack via save page as
https://bugzilla.redhat.com/show_bug.cgi?id=1372227
[ 12 ] Bug #1372225 – CVE-2016-5165 chromium-browser: script injection in devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1372225
[ 13 ] Bug #1372224 – CVE-2016-5164 chromium-browser: universal xss using devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1372224
[ 14 ] Bug #1372223 – CVE-2016-5163 chromium-browser: address bar spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1372223
[ 15 ] Bug #1372222 – CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1372222
[ 16 ] Bug #1372221 – CVE-2016-5161 chromium-browser: type confusion in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372221
[ 17 ] Bug #1372220 – CVE-2016-5159 chromium-browser: heap overflow in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372220
[ 18 ] Bug #1372219 – CVE-2016-5158 chromium-browser: heap overflow in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372219
[ 19 ] Bug #1372218 – CVE-2016-5157 chromium-browser: heap overflow in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372218
[ 20 ] Bug #1372217 – CVE-2016-5156 chromium-browser: use after free in event bindings
https://bugzilla.redhat.com/show_bug.cgi?id=1372217
[ 21 ] Bug #1372216 – CVE-2016-5155 chromium-browser: address bar spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1372216
[ 22 ] Bug #1372215 – CVE-2016-5154 chromium-browser: heap overflow in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372215
[ 23 ] Bug #1372214 – CVE-2016-5153 chromium-browser: use after destruction in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372214
[ 24 ] Bug #1372213 – CVE-2016-5152 chromium-browser: heap overflow in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372213
[ 25 ] Bug #1372212 – CVE-2016-5151 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1372212
[ 26 ] Bug #1372210 – CVE-2016-5150 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372210
[ 27 ] Bug #1372209 – CVE-2016-5149 chromium-browser: script injection in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1372209
[ 28 ] Bug #1372208 – CVE-2016-5148 chromium-browser: universal xss in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372208
[ 29 ] Bug #1372207 – CVE-2016-5147 chromium-browser: universal xss in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372207
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update chromium’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa dbus

Otkriven je sigurnosni nedostatak u programskom paketu dbus za Fedoru. Otkriveni nedostatak uzrokovan je neodgovarajćom obradom unesenih parametara unutar dbus-daemon,...

Close