FEDORA-2018-faff5f661e

security update in Fedora 27 for chromium

Status: stable a year ago

Update to Chromium 65. For EPEL7, it has been a long time since a successful build has been possible, so this will fix a LOT of CVEs.

CVE-2017-15396 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2018-6056 CVE-2018-6406 CVE-2018-6057 CVE-2018-6058 CVE-2018-6059 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071

Comments 11

This update has been submitted for testing by spot.

This update has been pushed to testing.

Works for me.

karma: +1

no regressions noted

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Update not possible due to unsolved dependencies:

Problem: problem with installed package chromium-libs-media-freeworld-63.0.3239.108-1.fc27.x86_64
 - package chromium-libs-media-freeworld-63.0.3239.108-1.fc27.x86_64 requires chromium-libs(x86-64) = 63.0.3239.108-1.fc27, but none of the providers can be installed
 - cannot install both chromium-libs-65.0.3325.181-1.fc27.x86_64 and chromium-libs-63.0.3239.108-1.fc27.x86_64
 - package chromium-65.0.3325.181-1.fc27.x86_64 requires chromium-libs(x86-64) = 65.0.3325.181-1.fc27, but none of the providers can be installed
 - cannot install the best update candidate for package chromium-63.0.3239.108-1.fc27.x86_64

karma: -1

Because your chromium-libs-media-freeworld-63.0.3239.108-1.fc27 is from RPMfusion and that needs updating.
--best --allowerasing will work around that but you then lose the non-free codecs the RPMfusion package provides.

Oh sorry. I didn't realize chromium-libs-media-freeworld wasn't required. So, I removed it and all is fine.

karma: +1


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +4 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted a year ago, in testing a year ago, in stable a year ago

Related Bugs 58

#1506944 CVE-2017-15396 chromium: chromium-browser: stack overflow in v8 [fedora-all]
#1516479 chromium package missing NSS version dependency
#1523123 CVE-2017-15407 chromium-browser: out of bounds write in quic
#1523124 CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium
#1523125 CVE-2017-15409 chromium-browser: out of bounds write in skia
#1523126 CVE-2017-15410 chromium-browser: use after free in pdfium
#1523127 CVE-2017-15411 chromium-browser: use after free in pdfium
#1523128 CVE-2017-15412 chromium-browser: use after free in libxml
#1523129 CVE-2017-15413 chromium-browser: type confusion in webassembly
#1523130 CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call
#1523131 CVE-2017-15416 chromium-browser: out of bounds read in blink
#1523132 CVE-2017-15417 chromium-browser: cross origin information disclosure in skia
#1523133 CVE-2017-15418 chromium-browser: use of uninitialized value in skia
#1523134 CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink
#1523135 CVE-2017-15420 chromium-browser: url spoofing in omnibox
#1523136 CVE-2017-15422 chromium-browser: integer overflow in icu
#1523137 CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl
#1523138 CVE-2017-15424 chromium-browser: url spoof in omnibox
#1523139 CVE-2017-15425 chromium-browser: url spoof in omnibox
#1523140 CVE-2017-15426 chromium-browser: url spoof in omnibox
#1523141 CVE-2017-15427 chromium-browser: insufficient blocking of javascript in omnibox
#1523143 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 ... chromium: various flaws [epel-7]
#1545062 CVE-2018-6056 chromium-browser: incorrect derived class instantiation in v8
#1545064 CVE-2018-6056 chromium: chromium-browser: incorrect derived class instantiation in v8 [epel-7]
#1545066 CVE-2018-6056 chromium: chromium-browser: incorrect derived class instantiation in v8 [fedora-all]
#1545241 Startup Notification not supported by Chromium
#1547349 CVE-2018-6406 libwebm: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service
#1547350 CVE-2018-6406 chromium: chromium-browser: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service [epel-7]
#1547351 CVE-2018-6406 chromium: chromium-browser: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service [fedora-all]
#1552474 CVE-2018-6058 chromium-browser: use-after-free in flash
#1552475 CVE-2018-6059 chromium-browser: use-after-free in flash
#1552476 CVE-2018-6060 chromium-browser: use-after-free in blink
#1552477 CVE-2018-6061 chromium-browser: race condition in v8
#1552478 CVE-2018-6062 chromium-browser: heap buffer overflow in skia
#1552479 CVE-2018-6057 chromium-browser: incorrect permissions on shared memory
#1552480 CVE-2018-6063 chromium-browser: incorrect permissions on shared memory
#1552481 CVE-2018-6064 chromium-browser: type confusion in v8
#1552482 CVE-2018-6065 chromium-browser: integer overflow in v8
#1552483 CVE-2018-6066 chromium-browser: same origin bypass via canvas
#1552484 CVE-2018-6067 chromium-browser: buffer overflow in skia
#1552485 CVE-2018-6068 chromium-browser: object lifecycle issues in chrome custom tab
#1552486 CVE-2018-6069 chromium-browser: stack buffer overflow in skia
#1552487 CVE-2018-6070 chromium-browser: csp bypass through extensions
#1552488 CVE-2018-6071 chromium-browser: heap buffer overflow in skia
#1552489 CVE-2018-6072 chromium-browser: integer overflow in pdfium
#1552490 CVE-2018-6073 chromium-browser: heap buffer overflow in webgl
#1552491 CVE-2018-6074 chromium-browser: mark-of-the-web bypass
#1552492 CVE-2018-6075 chromium-browser: overly permissive cross origin downloads
#1552493 CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink
#1552494 CVE-2018-6077 chromium-browser: timing attack using svg filters
#1552495 CVE-2018-6078 chromium-browser: url spoof in omnibox
#1552496 CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl
#1552497 CVE-2018-6080 chromium-browser: information disclosure in ipc call
#1552498 CVE-2018-6081 chromium-browser: xss in interstitials
#1552499 CVE-2018-6082 chromium-browser: circumvention of port blocking
#1552500 CVE-2018-6083 chromium-browser: incorrect processing of appmanifests
#1552502 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [fedora-all]
#1552504 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [epel-7]
