FEDORA-2017-e5bbb657c5

security update in Fedora 25 for chromium

Status: testing 6 days ago

Security fix for CVE-2017-15398, CVE-2017-15399


Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.


Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122

Comments 7

This update has been submitted for testing by spot.

This update has obsoleted chromium-62.0.3202.75-1.fc25, and has inherited its bugs and notes.

I get the following error when running:

# chromium-browser 
/usr/bin/chromium-browser: symbol lookup error: /usr/lib64/chromium-browser/./libmedia.so: undefined symbol: _ZN4base5Timer13SetTaskRunnerE13scoped_refptrINS_22SingleThreadTaskRunnerEE

I do have all stable updates installed and updated chromium with the following command:

dnf update --enablerepo=updates-testing chromium
karma: +1

I get the following error when running:

chromium-browser 
/usr/bin/chromium-browser: symbol lookup error: /usr/lib64/chromium-browser/./libmedia.so: undefined symbol: _ZN4base5Timer13SetTaskRunnerE13scoped_refptrINS_22SingleThreadTaskRunnerEE

My system has all stable updates installed and I installed chromium from testing with:

dnf update --enablerepo=updates-testing chromium
karma: -1

I get the following error when running:

chromium-browser 
/usr/bin/chromium-browser: symbol lookup error: /usr/lib64/chromium-browser/./libmedia.so: undefined symbol: _ZN4base5Timer13SetTaskRunnerE13scoped_refptrINS_22SingleThreadTaskRunnerEE

My system has all stable updates installed and I installed chromium from testing with:

dnf update --enablerepo=updates-testing chromium
karma: -1

This update has been pushed to testing.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
#1510434 CVE-2017-15398 CVE-2017-15399 chromium: various flaws [fedora-all]
#1510431 CVE-2017-15399 chromium-browser: use after free in v8
#1510429 CVE-2017-15398 chromium-browser: stack buffer overflow in quic
#1503551 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 ... chromium: various flaws [fedora-all]
#1503550 CVE-2017-15395 chromium-browser: null pointer dereference in imagecapture
#1503549 CVE-2017-15394 chromium-browser: url spoofing in extensions ui
#1503548 CVE-2017-15393 chromium-browser: referrer leak in devtools
#1503547 CVE-2017-15392 chromium-browser: incorrect registry key handling in platformintegration
#1503546 CVE-2017-15391 chromium-browser: extension limitation bypass in extensions
#1503545 CVE-2017-15390 chromium-browser: url spoofing in omnibox
#1503544 CVE-2017-15389 chromium-browser: url spoofing in omnibox
#1503543 CVE-2017-15388 chromium-browser: out of bounds read in skia
#1503542 CVE-2017-15387 chromium-browser: content security bypass
#1503540 CVE-2017-15386 chromium-browser: ui spoofing in blink
#1503539 CVE-2017-5133 chromium-browser: out of bounds write in skia
#1503538 CVE-2017-5131 chromium-browser: out of bounds write in skia
#1503537 CVE-2017-5130 chromium-browser: heap overflow in libxml2
#1503536 CVE-2017-5132 chromium-browser: incorrect stack manipulation in webassembly
#1503535 CVE-2017-5129 chromium-browser: use after free in webaudio
#1503534 CVE-2017-5128 chromium-browser: heap overflow in webgl
#1503533 CVE-2017-5127 chromium-browser: use after free in pdfium
#1503532 CVE-2017-5126 chromium-browser: use after free in pdfium
#1503531 CVE-2017-5125 chromium-browser: heap overflow in skia
#1503530 CVE-2017-5124 chromium-browser: uxss with mhtml
#1502233 Chromium dark theme compatibility regression
#1488785 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]
#1488782 CVE-2017-5120 chromium-browser: potential https downgrade during redirect navigation
#1488781 CVE-2017-5119 chromium-browser: use of uninitialized value in skia
#1488779 CVE-2017-5118 chromium-browser: bypass of content security policy in blink
#1488778 CVE-2017-5117 chromium-browser: use of uninitialized value in skia
#1488777 CVE-2017-5116 chromium-browser: type confusion in v8
#1488776 CVE-2017-5115 chromium-browser: type confusion in v8
#1488775 CVE-2017-5114 chromium-browser: memory lifecycle issue in pdfium
#1488774 CVE-2017-5113 chromium-browser: heap buffer overflow in skia
#1488773 CVE-2017-5112 chromium-browser: heap buffer overflow in webgl
#1488772 CVE-2017-5111 chromium-browser: use after free in pdfium
#1494394 CVE-2017-5121 CVE-2017-5122 chromium: various flaws [fedora-all]
#1494392 CVE-2017-5122 chromium-browser: out-of-bounds access in v8
#1494391 CVE-2017-5121 chromium-browser: out-of-bounds access in v8
Is the update generally functional?
Content Type
RPM
Status
testing
Submitted by
Update Type
security
Karma
-1
stable threshold: 3
unstable threshold: -3
Autopush
Disabled
Dates
submitted 8 days ago
in testing 6 days ago
days to stable 1

Related Bugs 39

00 #1510434 CVE-2017-15398 CVE-2017-15399 chromium: various flaws [fedora-all]
00 #1510431 CVE-2017-15399 chromium-browser: use after free in v8
00 #1510429 CVE-2017-15398 chromium-browser: stack buffer overflow in quic
00 #1503551 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 ... chromium: various flaws [fedora-all]
00 #1503550 CVE-2017-15395 chromium-browser: null pointer dereference in imagecapture
00 #1503549 CVE-2017-15394 chromium-browser: url spoofing in extensions ui
00 #1503548 CVE-2017-15393 chromium-browser: referrer leak in devtools
00 #1503547 CVE-2017-15392 chromium-browser: incorrect registry key handling in platformintegration
00 #1503546 CVE-2017-15391 chromium-browser: extension limitation bypass in extensions
00 #1503545 CVE-2017-15390 chromium-browser: url spoofing in omnibox
00 #1503544 CVE-2017-15389 chromium-browser: url spoofing in omnibox
00 #1503543 CVE-2017-15388 chromium-browser: out of bounds read in skia
00 #1503542 CVE-2017-15387 chromium-browser: content security bypass
00 #1503540 CVE-2017-15386 chromium-browser: ui spoofing in blink
00 #1503539 CVE-2017-5133 chromium-browser: out of bounds write in skia
00 #1503538 CVE-2017-5131 chromium-browser: out of bounds write in skia
00 #1503537 CVE-2017-5130 chromium-browser: heap overflow in libxml2
00 #1503536 CVE-2017-5132 chromium-browser: incorrect stack manipulation in webassembly
00 #1503535 CVE-2017-5129 chromium-browser: use after free in webaudio
00 #1503534 CVE-2017-5128 chromium-browser: heap overflow in webgl
00 #1503533 CVE-2017-5127 chromium-browser: use after free in pdfium
00 #1503532 CVE-2017-5126 chromium-browser: use after free in pdfium
00 #1503531 CVE-2017-5125 chromium-browser: heap overflow in skia
00 #1503530 CVE-2017-5124 chromium-browser: uxss with mhtml
00 #1502233 Chromium dark theme compatibility regression
00 #1488785 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]
00 #1488782 CVE-2017-5120 chromium-browser: potential https downgrade during redirect navigation
00 #1488781 CVE-2017-5119 chromium-browser: use of uninitialized value in skia
00 #1488779 CVE-2017-5118 chromium-browser: bypass of content security policy in blink
00 #1488778 CVE-2017-5117 chromium-browser: use of uninitialized value in skia
00 #1488777 CVE-2017-5116 chromium-browser: type confusion in v8
00 #1488776 CVE-2017-5115 chromium-browser: type confusion in v8
00 #1488775 CVE-2017-5114 chromium-browser: memory lifecycle issue in pdfium
00 #1488774 CVE-2017-5113 chromium-browser: heap buffer overflow in skia
00 #1488773 CVE-2017-5112 chromium-browser: heap buffer overflow in webgl
00 #1488772 CVE-2017-5111 chromium-browser: use after free in pdfium
00 #1494394 CVE-2017-5121 CVE-2017-5122 chromium: various flaws [fedora-all]
00 #1494392 CVE-2017-5122 chromium-browser: out-of-bounds access in v8
00 #1494391 CVE-2017-5121 chromium-browser: out-of-bounds access in v8

Automated Test Results