You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

——————————————————————————–
Fedora Update Notification
FEDORA-2020-4355ea258e
2020-01-19 01:00:16.266048
——————————————————————————–

Name : chromium
Product : Fedora 30
Version : 79.0.3945.117
Release : 1.fc30
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

——————————————————————————–
Update Information:

Update to 79.0.3945.117. Fixes CVE-2020-6377. —- Security fix for
CVE-2019-13767. —- Update to Chromium 79. Fixes the usual giant pile of bugs
and security issues. This time, the list is: CVE-2019-13725 CVE-2019-13726
CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732
CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737
CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747
CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752
CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757
CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
——————————————————————————–
ChangeLog:

* Thu Jan 9 2020 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.117-1
– update to 79.0.3945.117
* Tue Dec 17 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.88-1
– update to 79.0.3945.88
* Tue Dec 10 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.79-1
– update to 79.0.3945.79
* Wed Dec 4 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.56-2
– fix lib provides filtering
* Tue Dec 3 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.56-1
– update to current beta (rawhide only)
– switch to upstream patch for clock_nanosleep fix
* Mon Nov 25 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.108-1
– update to 78.0.3904.108
* Sun Nov 17 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.97-2
– allow clock_nanosleep through seccomp (bz #1773289)
* Thu Nov 7 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.97-1
– update to 78.0.3904.97
* Fri Nov 1 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.87-1
– update to 78.0.3904.87
– apply most of the freeworld changes in PR 23/24/25
* Wed Oct 23 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.80-1
– update to 78.0.3904.80
* Wed Oct 16 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-4
– upstream fix for zlib symbol exports with gcc
* Wed Oct 16 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-3
– silence outdated build noise (bz1745745)
* Tue Oct 15 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-2
– fix node handling for EPEL-8
* Mon Oct 14 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.120-1
– Update to 77.0.3865.120
* Thu Oct 10 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.90-4
– enable aarch64 for EPEL-8
* Wed Oct 9 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.90-3
– spec cleanups and changes to make EPEL8 try to build
* Mon Sep 23 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.90-2
– Fix the icon
– Remove quite a few of downstream patches
– Fix the crashes by backporting an upstream bug
– Resolves: rhbz#1754179
* Thu Sep 19 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.90-1
– Update to 77.0.3865.90
* Mon Sep 16 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.75-2
– Update the list of private libraries
* Fri Sep 13 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.75-1
– Update to 77.0.3865.75
* Tue Sep 3 2019 Tomas Popela <tpopela@redhat.com> – 76.0.3809.132-2
– Backport patch to fix certificate transparency
* Tue Aug 27 2019 Tomas Popela <tpopela@redhat.com> – 76.0.3809.132-1
– Update to 76.0.3809.132
* Tue Aug 13 2019 Tomas Popela <tpopela@redhat.com> – 76.0.3809.100-1
– Update to 76.0.3809.100
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> – 75.0.3770.100-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 2 2019 Tom Callaway <spot@fedoraproject.org> – 75.0.3770.100-3
– apply upstream fix to resolve issue where it is dangerous to post a
task with a RenderProcessHost pointer because the RenderProcessHost
can go away before the task is run (causing a segfault).
* Tue Jun 25 2019 Tom Callaway <spot@fedoraproject.org> – 75.0.3770.100-2
– fix v8 compile with gcc
* Thu Jun 20 2019 Tom Callaway <spot@fedoraproject.org> – 75.0.3770.100-1
– update to 75.0.3770.100
* Fri Jun 14 2019 Tom Callaway <spot@fedoraproject.org> – 75.0.3770.90-1
– update to 75.0.3770.90
* Wed Jun 5 2019 Tom Callaway <spot@fedoraproject.org> – 75.0.3770.80-1
– update to 75.0.3770.80
– disable vaapi (via conditional), too broken
* Fri May 31 2019 Tom Callaway <spot@fedoraproject.org> – 74.0.3729.169-1
– update to 74.0.3729.169
* Thu Apr 11 2019 Tom Callaway <spot@fedoraproject.org> – 73.0.3683.103-1
– update to 73.0.3683.103
– add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
——————————————————————————–
References:

[ 1 ] Bug #1784989 – CVE-2019-13767 chromium-browser: Use after free in media picker
https://bugzilla.redhat.com/show_bug.cgi?id=1784989
[ 2 ] Bug #1782008 – CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1782008
[ 3 ] Bug #1782007 – CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1782007
[ 4 ] Bug #1782006 – CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782006
[ 5 ] Bug #1782005 – CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
https://bugzilla.redhat.com/show_bug.cgi?id=1782005
[ 6 ] Bug #1782004 – CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782004
[ 7 ] Bug #1782000 – CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check
https://bugzilla.redhat.com/show_bug.cgi?id=1782000
[ 8 ] Bug #1782003 – CVE-2019-13756 chromium-browser: Incorrect security UI in printing
https://bugzilla.redhat.com/show_bug.cgi?id=1782003
[ 9 ] Bug #1782002 – CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782002
[ 10 ] Bug #1782001 – CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782001
[ 11 ] Bug #1781998 – CVE-2019-13751 sqlite: fts3: improve detection of corrupted records
https://bugzilla.redhat.com/show_bug.cgi?id=1781998
[ 12 ] Bug #1781999 – CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781999
[ 13 ] Bug #1781995 – CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781995
[ 14 ] Bug #1781993 – CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1781993
[ 15 ] Bug #1781997 – CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode
https://bugzilla.redhat.com/show_bug.cgi?id=1781997
[ 16 ] Bug #1781992 – CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781992
[ 17 ] Bug #1781994 – CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1781994
[ 18 ] Bug #1781991 – CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1781991
[ 19 ] Bug #1781990 – CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
https://bugzilla.redhat.com/show_bug.cgi?id=1781990
[ 20 ] Bug #1781987 – CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1781987
[ 21 ] Bug #1781989 – CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781989
[ 22 ] Bug #1781988 – CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1781988
[ 23 ] Bug #1781986 – CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781986
[ 24 ] Bug #1781985 – CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1781985
[ 25 ] Bug #1781983 – CVE-2019-13736 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1781983
[ 26 ] Bug #1781984 – CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
https://bugzilla.redhat.com/show_bug.cgi?id=1781984
[ 27 ] Bug #1781980 – CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781980
[ 28 ] Bug #1781982 – CVE-2019-13764 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781982
[ 29 ] Bug #1781981 – CVE-2019-13735 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781981
[ 30 ] Bug #1781979 – CVE-2019-13732 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1781979
[ 31 ] Bug #1781978 – CVE-2019-13730 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781978
[ 32 ] Bug #1781974 – CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
https://bugzilla.redhat.com/show_bug.cgi?id=1781974
[ 33 ] Bug #1781975 – CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781975
[ 34 ] Bug #1781976 – CVE-2019-13728 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781976
[ 35 ] Bug #1781977 – CVE-2019-13729 chromium-browser: Use after free in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781977
[ 36 ] Bug #1781973 – CVE-2019-13725 chromium-browser: Use after free in Bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1781973
[ 37 ] Bug #1782021 – CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
https://bugzilla.redhat.com/show_bug.cgi?id=1782021
[ 38 ] Bug #1782017 – CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1782017
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-4355ea258e’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa rubygem-rack

Otkriven je sigurnosni nedostatak u programskom paketu rubygem-rack za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija...

Close