SECURITY: Fedora 35 Update: chromium-103.0.5060.114-1.fc35
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-0102ccc2a2
2022-07-28 01:29:59.622167
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 35
Version : 103.0.5060.114
Release : 1.fc35
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 103.0.5060.114. Fixes: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164
CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 13 2022 Tom Callaway - 103.0.5060.114-1
- update to 103.0.5060.114
* Wed Jun 22 2022 Tom Callaway - 103.0.5060.53-1
- update to 103.0.5060.53
* Thu Jun 16 2022 Tom Callaway - 102.0.5005.115-2
- fix minizip Requires for EL9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2099947 - CVE-2022-2156 chromium-browser: Use after free in Base
https://bugzilla.redhat.com/show_bug.cgi?id=2099947
[ 2 ] Bug #2099948 - CVE-2022-2157 chromium-browser: Use after free in Interest groups
https://bugzilla.redhat.com/show_bug.cgi?id=2099948
[ 3 ] Bug #2099949 - CVE-2022-2158 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2099949
[ 4 ] Bug #2099950 - CVE-2022-2160 chromium-browser: Insufficient policy enforcement in DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=2099950
[ 5 ] Bug #2099951 - CVE-2022-2161 chromium-browser: Use after free in WebApp Provider
https://bugzilla.redhat.com/show_bug.cgi?id=2099951
[ 6 ] Bug #2099952 - CVE-2022-2162 chromium-browser: Insufficient policy enforcement in File System API
https://bugzilla.redhat.com/show_bug.cgi?id=2099952
[ 7 ] Bug #2099953 - CVE-2022-2163 chromium-browser: Use after free in Cast UI and Toolbar
https://bugzilla.redhat.com/show_bug.cgi?id=2099953
[ 8 ] Bug #2099954 - CVE-2022-2164 chromium-browser: Inappropriate implementation in Extensions API
https://bugzilla.redhat.com/show_bug.cgi?id=2099954
[ 9 ] Bug #2099955 - CVE-2022-2165 chromium-browser: Insufficient data validation in URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=2099955
[ 10 ] Bug #2103854 - CVE-2022-2294 chromium-browser: Heap buffer overflow in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=2103854
[ 11 ] Bug #2103855 - CVE-2022-2295 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2103855
[ 12 ] Bug #2103856 - CVE-2022-2296 chromium-browser: Use after free in Chrome OS Shell
https://bugzilla.redhat.com/show_bug.cgi?id=2103856
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0102ccc2a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A chromium security update has been released for Fedora 35.