FEDORA-2017-ea44f172e3

security update in Fedora 26 for chromium

Status: stable 2 years ago

Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429


Security fix for CVE-2017-15398, CVE-2017-15399


Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-ea44f172e3

Comments 18

This update has been submitted for testing by tpopela.

This update has obsoleted chromium-62.0.3202.89-1.fc26, and has inherited its bugs and notes.

please let me know a couple days before you will intend to push this to batched/stable (if not done automatically by karma)

please let me know a couple days before you will intend to push this to batched/stable (if not done automatically by karma)

tpopela edited this update.

This update has been pushed to testing.

Problem: package chromium-libs-media-freeworld-61.0.3163.100-1.fc26.x86_64 requires chromium-libs(x86-64) = 61.0.3163.100-1.fc26, but none of the providers can be installed - cannot install both chromium-libs-63.0.3239.108-1.fc26.x86_64 and chromium-libs-61.0.3163.100-1.fc26.x86_64 - cannot install both chromium-libs-61.0.3163.100-1.fc26.x86_64 and chromium-libs-63.0.3239.108-1.fc26.x86_64 - package chromium-63.0.3239.108-1.fc26.x86_64 requires chromium-libs(x86-64) = 63.0.3239.108-1.fc26, but none of the providers can be installed - cannot install the best update candidate for package chromium-61.0.3163.100-1.fc26.x86_64 - problem with installed package chromium-libs-media-freeworld-61.0.3163.100-1.fc26.x86_64

Problem: package chromium-libs-media-freeworld-61.0.3163.100-1.fc26.x86_64 requires chromium-libs(x86-64) = 61.0.3163.100-1.fc26, but none of the providers can be installed - cannot install both chromium-libs-63.0.3239.108-1.fc26.x86_64 and chromium-libs-61.0.3163.100-1.fc26.x86_64 - cannot install both chromium-libs-61.0.3163.100-1.fc26.x86_64 and chromium-libs-63.0.3239.108-1.fc26.x86_64 - package chromium-63.0.3239.108-1.fc26.x86_64 requires chromium-libs(x86-64) = 63.0.3239.108-1.fc26, but none of the providers can be installed - cannot install the best update candidate for package chromium-61.0.3163.100-1.fc26.x86_64 - problem with installed package chromium-libs-media-freeworld-61.0.3163.100-1.fc26.x86_64

Try with:

dnf update chromium* --enablerepo=*testing --refresh

Give it a couple of days before it syncs to the mirrors.

Sure, didn't realize chromium-libs-media-freeworld was already in rpmfusion-free-updates-testing. With chromium-libs-media-freeworld-63 the update of course works fine.

The chromium package itsself does too. So +1 karma.

karma: +1

Sure, didn't realize chromium-libs-media-freeworld was already in rpmfusion-free-updates-testing. With chromium-libs-media-freeworld-63 the update of course works fine.

The chromium package itsself does too. So +1 karma.

karma: +1

Chromium is not my default web browser, so I haven't tried out a lot of different websites but Planet GNOME and LWN seemed to work OK.

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

Working fine here

karma: +1

This update has been submitted for batched by churchyard.

This update has been submitted for stable by churchyard.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
high
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 47

00 #1502233 Chromium dark theme compatibility regression
00 #1503530 CVE-2017-5124 chromium-browser: uxss with mhtml
00 #1503531 CVE-2017-5125 chromium-browser: heap overflow in skia
00 #1503532 CVE-2017-5126 chromium-browser: use after free in pdfium
00 #1503533 CVE-2017-5127 chromium-browser: use after free in pdfium
00 #1503534 CVE-2017-5128 chromium-browser: heap overflow in webgl
00 #1503535 CVE-2017-5129 chromium-browser: use after free in webaudio
00 #1503536 CVE-2017-5132 chromium-browser: incorrect stack manipulation in webassembly
00 #1503537 CVE-2017-5130 chromium-browser: heap overflow in libxml2
00 #1503538 CVE-2017-5131 chromium-browser: out of bounds write in skia
00 #1503539 CVE-2017-5133 chromium-browser: out of bounds write in skia
00 #1503540 CVE-2017-15386 chromium-browser: ui spoofing in blink
00 #1503542 CVE-2017-15387 chromium-browser: content security bypass
00 #1503543 CVE-2017-15388 chromium-browser: out of bounds read in skia
00 #1503544 CVE-2017-15389 chromium-browser: url spoofing in omnibox
00 #1503545 CVE-2017-15390 chromium-browser: url spoofing in omnibox
00 #1503546 CVE-2017-15391 chromium-browser: extension limitation bypass in extensions
00 #1503547 CVE-2017-15392 chromium-browser: incorrect registry key handling in platformintegration
00 #1503548 CVE-2017-15393 chromium-browser: referrer leak in devtools
00 #1503549 CVE-2017-15394 chromium-browser: url spoofing in extensions ui
00 #1503550 CVE-2017-15395 chromium-browser: null pointer dereference in imagecapture
00 #1503551 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 ... chromium: various flaws [fedora-all]
00 #1510429 CVE-2017-15398 chromium-browser: stack buffer overflow in quic
00 #1510431 CVE-2017-15399 chromium-browser: use after free in v8
00 #1510434 CVE-2017-15398 CVE-2017-15399 chromium: various flaws [fedora-all]
00 #1523123 CVE-2017-15407 chromium-browser: out of bounds write in quic
00 #1523124 CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium
00 #1523125 CVE-2017-15409 chromium-browser: out of bounds write in skia
00 #1523126 CVE-2017-15410 chromium-browser: use after free in pdfium
00 #1523127 CVE-2017-15411 chromium-browser: use after free in pdfium
00 #1523128 CVE-2017-15412 chromium-browser: use after free in libxml
00 #1523129 CVE-2017-15413 chromium-browser: type confusion in webassembly
00 #1523130 CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call
00 #1523131 CVE-2017-15416 chromium-browser: out of bounds read in blink
00 #1523132 CVE-2017-15417 chromium-browser: cross origin information disclosure in skia
00 #1523133 CVE-2017-15418 chromium-browser: use of uninitialized value in skia
00 #1523134 CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink
00 #1523135 CVE-2017-15420 chromium-browser: url spoofing in omnibox
00 #1523136 CVE-2017-15422 chromium-browser: integer overflow in icu
00 #1523137 CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl
00 #1523138 CVE-2017-15424 chromium-browser: url spoof in omnibox
00 #1523139 CVE-2017-15425 chromium-browser: url spoof in omnibox
00 #1523140 CVE-2017-15426 chromium-browser: url spoof in omnibox
00 #1523141 CVE-2017-15427 chromium-browser: insufficient blocking of javascript in omnibox
00 #1523145 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 ... chromium: various flaws [fedora-all]
00 #1526405 CVE-2017-15429 chromium-browser: uxss in v8
00 #1526406 CVE-2017-15429 chromium: chromium-browser: uxss in v8 [fedora-all]

Automated Test Results