Fedora Linux 8773 Published by

A chromium security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: chromium-86.0.4240.183-1.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-4e8e48da22
2020-11-14 01:11:09.444571
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 33
Version : 86.0.4240.183
Release : 1.fc33
URL :   http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 86.0.4240.183. Fixes the following security issues: CVE-2020-16004
CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 Also disables the
very verbose output going to stdout. ---- Update to Chromium 86. A few big
things here: 1. Upstream has made hardware accelerated video support (VAAPI)
for Linux possible without patches. One key difference is that the patchset used
previously in Fedora enabled it by default and upstream's approach disables it
by default. To enable Hardware accelerated video in chromium, open this link in
chromium: chrome://flags/#enable-accelerated-video-decode Be sure it is turned
on. Note that not all GPUs are supported. 2. All the security fixes you expect
with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557
CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986
CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000
CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. Without bats acting as
pollinators, agave and cacao plants would struggle. That means that bats are
responsible for tequila and chocolate.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 4 2020 Tom Callaway - 86.0.4240.183-1
- update to 86.0.4240.183
* Mon Nov 2 2020 Tom Callaway - 86.0.4240.111-2
- fix conditional typo that was causing console logging to be turned on
* Wed Oct 21 2020 Tom Callaway - 86.0.4240.111-1
- update to 86.0.4240.111
* Tue Oct 20 2020 Tom Callaway - 86.0.4240.75-2
- use bundled zlib/minizip on el7 (thanks Red Hat. :P)
* Wed Oct 14 2020 Tom Callaway - 86.0.4240.75-1
- update to 86.0.4240.75
* Mon Sep 28 2020 Tom Callaway - 85.0.4183.121-2
- rebuild for libevent
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
  https://bugzilla.redhat.com/show_bug.cgi?id=1885883
[ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
  https://bugzilla.redhat.com/show_bug.cgi?id=1885884
[ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
  https://bugzilla.redhat.com/show_bug.cgi?id=1885885
[ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
  https://bugzilla.redhat.com/show_bug.cgi?id=1885886
[ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
  https://bugzilla.redhat.com/show_bug.cgi?id=1885887
[ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
  https://bugzilla.redhat.com/show_bug.cgi?id=1885888
[ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
  https://bugzilla.redhat.com/show_bug.cgi?id=1885889
[ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
  https://bugzilla.redhat.com/show_bug.cgi?id=1885890
[ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
  https://bugzilla.redhat.com/show_bug.cgi?id=1885891
[ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
  https://bugzilla.redhat.com/show_bug.cgi?id=1885892
[ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
  https://bugzilla.redhat.com/show_bug.cgi?id=1885893
[ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
  https://bugzilla.redhat.com/show_bug.cgi?id=1885894
[ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
  https://bugzilla.redhat.com/show_bug.cgi?id=1885896
[ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
  https://bugzilla.redhat.com/show_bug.cgi?id=1885897
[ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
  https://bugzilla.redhat.com/show_bug.cgi?id=1885899
[ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=1885901
[ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
  https://bugzilla.redhat.com/show_bug.cgi?id=1885902
[ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
  https://bugzilla.redhat.com/show_bug.cgi?id=1885903
[ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
  https://bugzilla.redhat.com/show_bug.cgi?id=1885904
[ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
  https://bugzilla.redhat.com/show_bug.cgi?id=1885905
[ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
  https://bugzilla.redhat.com/show_bug.cgi?id=1885906
[ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
  https://bugzilla.redhat.com/show_bug.cgi?id=1885907
[ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
  https://bugzilla.redhat.com/show_bug.cgi?id=1885908
[ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
  https://bugzilla.redhat.com/show_bug.cgi?id=1885909
[ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
  https://bugzilla.redhat.com/show_bug.cgi?id=1885910
[ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
  https://bugzilla.redhat.com/show_bug.cgi?id=1885911
[ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium
  https://bugzilla.redhat.com/show_bug.cgi?id=1885912
[ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink
  https://bugzilla.redhat.com/show_bug.cgi?id=1890266
[ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media
  https://bugzilla.redhat.com/show_bug.cgi?id=1890267
[ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium
  https://bugzilla.redhat.com/show_bug.cgi?id=1890268
[ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing
  https://bugzilla.redhat.com/show_bug.cgi?id=1890269
[ 32 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface
  https://bugzilla.redhat.com/show_bug.cgi?id=1894197
[ 33 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE
  https://bugzilla.redhat.com/show_bug.cgi?id=1894198
[ 34 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=1894199
[ 35 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC
  https://bugzilla.redhat.com/show_bug.cgi?id=1894201
[ 36 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=1894202
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-4e8e48da22' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys