Fedora Linux 8782 Published by

A chromium security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: chromium-99.0.4844.51-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-d1a15f9cdb
2022-03-11 14:43:31.710841
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 35
Version : 99.0.4844.51
Release : 1.fc35
URL :   http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update Chromium to 99.0.4844.51. Fixes, well, a LOT of security bugs. Sorry
about that. CVE-2021-22570 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098
CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103
CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108
CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113
CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118
CVE-2022-0120 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792
CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797
CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802
CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807
CVE-2022-0808 CVE-2022-0809
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 5 2022 Tom Callaway - 99.0.4844.5-1
- update to 99.0.4844.5
* Fri Feb 25 2022 Tom Callaway - 98.0.4758.102-1
- update to 98.0.4758.102
- fix build issue with subzero and gcc12
* Tue Feb 8 2022 Tom Callaway - 98.0.4758.80-1
- update to 98.0.4758.80
* Sat Feb 5 2022 Jiri Vanek - 96.0.4664.110-9
- Rebuilt for java-17-openjdk as system jdk
* Wed Jan 19 2022 Fedora Release Engineering - 96.0.4664.110-8
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 5 2022 Tom Callaway - 96.0.4664.110-7
- i hate regex. trying again
* Tue Jan 4 2022 Tom Callaway - 96.0.4664.110-6
- always filter provides, was previously inside conditional for shared builds
* Mon Jan 3 2022 Tom Callaway - 96.0.4664.110-5
- fix provides filtering to be more inclusive (and work properly)
* Thu Dec 30 2021 Tom Callaway - 96.0.4664.110-4
- package up more swiftshader/angle stuff
- move swiftshader files to -common so headless can use them
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2037457 - CVE-2022-0096 chromium-browser: Use after free in Storage
  https://bugzilla.redhat.com/show_bug.cgi?id=2037457
[ 2 ] Bug #2037458 - CVE-2022-0097 chromium-browser: Inappropriate implementation in DevTools
  https://bugzilla.redhat.com/show_bug.cgi?id=2037458
[ 3 ] Bug #2037459 - CVE-2022-0098 chromium-browser: Use after free in Screen Capture
  https://bugzilla.redhat.com/show_bug.cgi?id=2037459
[ 4 ] Bug #2037460 - CVE-2022-0099 chromium-browser: Use after free in Sign-in
  https://bugzilla.redhat.com/show_bug.cgi?id=2037460
[ 5 ] Bug #2037461 - CVE-2022-0100 chromium-browser: Heap buffer overflow in Media streams API
  https://bugzilla.redhat.com/show_bug.cgi?id=2037461
[ 6 ] Bug #2037462 - CVE-2022-0101 chromium-browser: Heap buffer overflow in Bookmarks
  https://bugzilla.redhat.com/show_bug.cgi?id=2037462
[ 7 ] Bug #2037463 - CVE-2022-0102 chromium-browser: Type Confusion in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=2037463
[ 8 ] Bug #2037464 - CVE-2022-0103 chromium-browser: Use after free in SwiftShader
  https://bugzilla.redhat.com/show_bug.cgi?id=2037464
[ 9 ] Bug #2037465 - CVE-2022-0104 chromium-browser: Heap buffer overflow in ANGLE
  https://bugzilla.redhat.com/show_bug.cgi?id=2037465
[ 10 ] Bug #2037466 - CVE-2022-0105 chromium-browser: Use after free in PDF
  https://bugzilla.redhat.com/show_bug.cgi?id=2037466
[ 11 ] Bug #2037467 - CVE-2022-0106 chromium-browser: Use after free in Autofill
  https://bugzilla.redhat.com/show_bug.cgi?id=2037467
[ 12 ] Bug #2037468 - CVE-2022-0107 chromium-browser: Use after free in File Manager API
  https://bugzilla.redhat.com/show_bug.cgi?id=2037468
[ 13 ] Bug #2037469 - CVE-2022-0108 chromium-browser: Inappropriate implementation in Navigation
  https://bugzilla.redhat.com/show_bug.cgi?id=2037469
[ 14 ] Bug #2037470 - CVE-2022-0109 chromium-browser: Inappropriate implementation in Autofill
  https://bugzilla.redhat.com/show_bug.cgi?id=2037470
[ 15 ] Bug #2037471 - CVE-2022-0110 chromium-browser: Incorrect security UI in Autofill
  https://bugzilla.redhat.com/show_bug.cgi?id=2037471
[ 16 ] Bug #2037472 - CVE-2022-0111 chromium-browser: Inappropriate implementation in Navigation
  https://bugzilla.redhat.com/show_bug.cgi?id=2037472
[ 17 ] Bug #2037473 - CVE-2022-0112 chromium-browser: Incorrect security UI in Browser UI
  https://bugzilla.redhat.com/show_bug.cgi?id=2037473
[ 18 ] Bug #2037474 - CVE-2022-0113 chromium-browser: Inappropriate implementation in Blink
  https://bugzilla.redhat.com/show_bug.cgi?id=2037474
[ 19 ] Bug #2037475 - CVE-2022-0114 chromium-browser: Out of bounds memory access in Web Serial
  https://bugzilla.redhat.com/show_bug.cgi?id=2037475
[ 20 ] Bug #2037476 - CVE-2022-0115 chromium-browser: Uninitialized Use in File API
  https://bugzilla.redhat.com/show_bug.cgi?id=2037476
[ 21 ] Bug #2037477 - CVE-2022-0116 chromium-browser: Inappropriate implementation in Compositing
  https://bugzilla.redhat.com/show_bug.cgi?id=2037477
[ 22 ] Bug #2037478 - CVE-2022-0117 chromium-browser: Policy bypass in Service Workers
  https://bugzilla.redhat.com/show_bug.cgi?id=2037478
[ 23 ] Bug #2037479 - CVE-2022-0118 chromium-browser: Inappropriate implementation in WebShare
  https://bugzilla.redhat.com/show_bug.cgi?id=2037479
[ 24 ] Bug #2037480 - CVE-2022-0120 chromium-browser: Inappropriate implementation in Passwords
  https://bugzilla.redhat.com/show_bug.cgi?id=2037480
[ 25 ] Bug #2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference
  https://bugzilla.redhat.com/show_bug.cgi?id=2049429
[ 26 ] Bug #2059898 - CVE-2022-0789 chromium-browser: Heap buffer overflow in ANGLE
  https://bugzilla.redhat.com/show_bug.cgi?id=2059898
[ 27 ] Bug #2059900 - CVE-2022-0791 chromium-browser: Use after free in Omnibox
  https://bugzilla.redhat.com/show_bug.cgi?id=2059900
[ 28 ] Bug #2059901 - CVE-2022-0792 chromium-browser: Out of bounds read in ANGLE
  https://bugzilla.redhat.com/show_bug.cgi?id=2059901
[ 29 ] Bug #2059902 - CVE-2022-0793 chromium-browser: Use after free in Views
  https://bugzilla.redhat.com/show_bug.cgi?id=2059902
[ 30 ] Bug #2059905 - CVE-2022-0796 chromium-browser: Use after free in Media
  https://bugzilla.redhat.com/show_bug.cgi?id=2059905
[ 31 ] Bug #2059910 - CVE-2022-0801 chromium-browser: Inappropriate implementation in HTML parser
  https://bugzilla.redhat.com/show_bug.cgi?id=2059910
[ 32 ] Bug #2059911 - CVE-2022-0802 chromium-browser: Inappropriate implementation in Full screen mode
  https://bugzilla.redhat.com/show_bug.cgi?id=2059911
[ 33 ] Bug #2059912 - CVE-2022-0803 chromium-browser: Inappropriate implementation in Permissions
  https://bugzilla.redhat.com/show_bug.cgi?id=2059912
[ 34 ] Bug #2059913 - CVE-2022-0804 chromium-browser: Inappropriate implementation in Full screen mode
  https://bugzilla.redhat.com/show_bug.cgi?id=2059913
[ 35 ] Bug #2059914 - CVE-2022-0805 chromium-browser: Use after free in Browser Switcher
  https://bugzilla.redhat.com/show_bug.cgi?id=2059914
[ 36 ] Bug #2059915 - CVE-2022-0806 chromium-browser: Data leak in Canvas
  https://bugzilla.redhat.com/show_bug.cgi?id=2059915
[ 37 ] Bug #2059916 - CVE-2022-0807 chromium-browser: Inappropriate implementation in Autofill
  https://bugzilla.redhat.com/show_bug.cgi?id=2059916
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-d1a15f9cdb' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________