Fedora Linux 8762 Published by

Fedora Linux recently released a series of security updates, which include chromium-130.0.6723.91-1.fc41, chromium-130.0.6723.91-1.fc40, chromium-130.0.6723.91-1.fc39, and webkitgtk-2.46.3-1.fc39:

Fedora 41 Update: chromium-130.0.6723.91-1.fc41
Fedora 40 Update: chromium-130.0.6723.91-1.fc40
Fedora 39 Update: chromium-130.0.6723.91-1.fc39
Fedora 39 Update: webkitgtk-2.46.3-1.fc39



[SECURITY] Fedora 41 Update: chromium-130.0.6723.91-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aad3597d9e
2024-11-04 04:22:52.422591
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 130.0.6723.91
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 130.0.6723.91
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Than Ngo [than@redhat.com] - 130.0.6723.91-1
- Update to 130.0.6723.91
* Critical CVE-2024-10487: Out of bounds write in Dawn
* High CVE-2024-10488: Use after free in WebRTC
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322630 - CVE-2024-10487 chromium: Out of bounds write in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322630
[ 2 ] Bug #2322631 - CVE-2024-10487 chromium: Out of bounds write in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322631
[ 3 ] Bug #2322632 - CVE-2024-10488 chromium: Use after free in WebRTC [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322632
[ 4 ] Bug #2322633 - CVE-2024-10488 chromium: Use after free in WebRTC [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322633
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aad3597d9e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: chromium-130.0.6723.91-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b92c0289c9
2024-11-04 04:16:58.467577
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 130.0.6723.91
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 130.0.6723.91
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Than Ngo [than@redhat.com] - 130.0.6723.91-1
- Update to 130.0.6723.91
* Critical CVE-2024-10487: Out of bounds write in Dawn
* High CVE-2024-10488: Use after free in WebRTC
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322630 - CVE-2024-10487 chromium: Out of bounds write in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322630
[ 2 ] Bug #2322631 - CVE-2024-10487 chromium: Out of bounds write in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322631
[ 3 ] Bug #2322632 - CVE-2024-10488 chromium: Use after free in WebRTC [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322632
[ 4 ] Bug #2322633 - CVE-2024-10488 chromium: Use after free in WebRTC [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322633
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b92c0289c9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: chromium-130.0.6723.91-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-00d1a85917
2024-11-04 01:37:03.129376
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 130.0.6723.91
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 130.0.6723.91
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Than Ngo [than@redhat.com] - 130.0.6723.91-1
- Update to 130.0.6723.91
* Critical CVE-2024-10487: Out of bounds write in Dawn
* High CVE-2024-10488: Use after free in WebRTC
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322630 - CVE-2024-10487 chromium: Out of bounds write in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322630
[ 2 ] Bug #2322631 - CVE-2024-10487 chromium: Out of bounds write in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322631
[ 3 ] Bug #2322632 - CVE-2024-10488 chromium: Use after free in WebRTC [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322632
[ 4 ] Bug #2322633 - CVE-2024-10488 chromium: Use after free in WebRTC [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2322633
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-00d1a85917' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: webkitgtk-2.46.3-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0f8a88da75
2024-11-04 01:37:03.129363
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 39
Version : 2.46.3
Release : 1.fc39
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated
canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting
settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Michael Catanzaro [mcatanzaro@redhat.com] - 2.46.3-1
- Update to 2.46.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2323282 - CVE-2024-44244 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2323282
[ 2 ] Bug #2323295 - CVE-2024-44296 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2323295
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0f8a88da75' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--