Fedora Linux 8779 Published by

A chromium security update has been released for Fedora 36.



SECURITY: Fedora 36 Update: chromium-103.0.5060.114-1.fc36


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1d3d5a0341
2022-07-28 01:26:41.098825
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 36
Version : 103.0.5060.114
Release : 1.fc36
URL :   http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 103.0.5060.114. Fixes: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164
CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 13 2022 Tom Callaway - 103.0.5060.114-1
- update to 103.0.5060.114
* Wed Jun 22 2022 Tom Callaway - 103.0.5060.53-1
- update to 103.0.5060.53
* Thu Jun 16 2022 Tom Callaway - 102.0.5005.115-2
- fix minizip Requires for EL9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2099947 - CVE-2022-2156 chromium-browser: Use after free in Base
  https://bugzilla.redhat.com/show_bug.cgi?id=2099947
[ 2 ] Bug #2099948 - CVE-2022-2157 chromium-browser: Use after free in Interest groups
  https://bugzilla.redhat.com/show_bug.cgi?id=2099948
[ 3 ] Bug #2099949 - CVE-2022-2158 chromium-browser: Type Confusion in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=2099949
[ 4 ] Bug #2099950 - CVE-2022-2160 chromium-browser: Insufficient policy enforcement in DevTools
  https://bugzilla.redhat.com/show_bug.cgi?id=2099950
[ 5 ] Bug #2099951 - CVE-2022-2161 chromium-browser: Use after free in WebApp Provider
  https://bugzilla.redhat.com/show_bug.cgi?id=2099951
[ 6 ] Bug #2099952 - CVE-2022-2162 chromium-browser: Insufficient policy enforcement in File System API
  https://bugzilla.redhat.com/show_bug.cgi?id=2099952
[ 7 ] Bug #2099953 - CVE-2022-2163 chromium-browser: Use after free in Cast UI and Toolbar
  https://bugzilla.redhat.com/show_bug.cgi?id=2099953
[ 8 ] Bug #2099954 - CVE-2022-2164 chromium-browser: Inappropriate implementation in Extensions API
  https://bugzilla.redhat.com/show_bug.cgi?id=2099954
[ 9 ] Bug #2099955 - CVE-2022-2165 chromium-browser: Insufficient data validation in URL formatting
  https://bugzilla.redhat.com/show_bug.cgi?id=2099955
[ 10 ] Bug #2103854 - CVE-2022-2294 chromium-browser: Heap buffer overflow in WebRTC
  https://bugzilla.redhat.com/show_bug.cgi?id=2103854
[ 11 ] Bug #2103855 - CVE-2022-2295 chromium-browser: Type Confusion in V8
  https://bugzilla.redhat.com/show_bug.cgi?id=2103855
[ 12 ] Bug #2103856 - CVE-2022-2296 chromium-browser: Use after free in Chrome OS Shell
  https://bugzilla.redhat.com/show_bug.cgi?id=2103856
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1d3d5a0341' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________