Fedora Linux 8782 Published by

A chromium security update has been released for Fedora 39.



[SECURITY] Fedora 39 Update: chromium-119.0.6045.159-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9425bb0115
2023-11-23 01:22:58.936114
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 119.0.6045.159
Release : 2.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 119.0.6045.159, upstream security release - High CVE-2023-5997,
use after free in Garbage Collection - High CVE-2023-6112, use after free in
Navigation ---- Fix bz#2240127, audio/video decode issue in chromium
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 19 2023 Than Ngo [than@redhat.com] - 119.0.6045.159-2
- fix ffmpeg conflicts
* Wed Nov 15 2023 Than Ngo [than@redhat.com] - 119.0.6045.159-1
- update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
- add Requires/Conflicts for ABI break in fmpeg-free 6.0.1
- drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1
- fixed python3 syntaxWarning: invalid escape sequenc
- skip clang's patches for epel8 that now gets clang-16 update
* Mon Nov 13 2023 Than Ngo [than@redhat.com] - 119.0.6045.123-2
- fixed bz#2240127, Some h.264 mp4s do not play
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2240127 - Some h.264 mp4s do not play on fedora chromium, while they do on other chromium packages (i.e. rpm build from source, flatpak)
https://bugzilla.redhat.com/show_bug.cgi?id=2240127
[ 2 ] Bug #2246427 - Using this package, the only way to stay relatively current with security patches is to use the rawhide build. All other builds, including from testing, are consistently behind.
https://bugzilla.redhat.com/show_bug.cgi?id=2246427
[ 3 ] Bug #2250169 - Missing security patches from 119.0.6045.159
https://bugzilla.redhat.com/show_bug.cgi?id=2250169
[ 4 ] Bug #2250775 - CVE-2023-6112 chromium: chromium-browser: Use after free in Navigation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250775
[ 5 ] Bug #2250777 - CVE-2023-5997 chromium: chromium-browser: use-after-free in Garbage Collection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250777
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9425bb0115' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--