FEDORA-2020-39e0b8bd14 created by spot 5 months ago for Fedora 30
stable

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs:

  • CVE-2020-6422: Use after free in WebGL
  • CVE-2020-6424: Use after free in media
  • CVE-2020-6425: Insufficient policy enforcement in extensions.
  • CVE-2020-6426: Inappropriate implementation in V8
  • CVE-2020-6427: Use after free in audio
  • CVE-2020-6428: Use after free in audio
  • CVE-2020-6429: Use after free in audio.
  • CVE-2019-20503: Out of bounds read in usersctplib.
  • CVE-2020-6449: Use after free in audio

Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA.

List of CVEs fixed (since last update):

  • CVE-2019-20446
  • CVE-2020-6381
  • CVE-2020-6382
  • CVE-2020-6383
  • CVE-2020-6384
  • CVE-2020-6385
  • CVE-2020-6386
  • CVE-2020-6387
  • CVE-2020-6388
  • CVE-2020-6389
  • CVE-2020-6390
  • CVE-2020-6391
  • CVE-2020-6392
  • CVE-2020-6393
  • CVE-2020-6394
  • CVE-2020-6395
  • CVE-2020-6396
  • CVE-2020-6397
  • CVE-2020-6398
  • CVE-2020-6399
  • CVE-2020-6400
  • CVE-2020-6401
  • CVE-2020-6402
  • CVE-2020-6403
  • CVE-2020-6404
  • CVE-2020-6405
  • CVE-2020-6406
  • CVE-2020-6407
  • CVE-2020-6408
  • CVE-2020-6409
  • CVE-2020-6410
  • CVE-2020-6411
  • CVE-2020-6412
  • CVE-2020-6413
  • CVE-2020-6414
  • CVE-2020-6415
  • CVE-2020-6416
  • CVE-2020-6417
  • CVE-2020-6418
  • CVE-2020-6420

Update to 79.0.3945.130. Fixes the following security issues: * CVE-2020-6378 * CVE-2020-6379 * CVE-2020-6380

How to install

sudo dnf upgrade --advisory=FEDORA-2020-39e0b8bd14

This update has been submitted for testing by spot.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update has obsoleted chromium-80.0.3987.132-1.fc30, and has inherited its bugs and notes.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update has been pushed to testing.

5 months ago

spot edited this update.

5 months ago

This update can be pushed to stable now if the maintainer wishes

5 months ago

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
5 months ago
in testing
5 months ago
in stable
5 months ago
modified
5 months ago
BZ#1793514 CVE-2020-6378 chromium-browser: use-after-free in speech recognizer
0
0
BZ#1793517 CVE-2020-6378 chromium: chromium-browser: use-after-free in speech recognizer [fedora-all]
0
0
BZ#1793529 CVE-2020-6379 chromium-browser: use-after-free in speech recognizer
0
0
BZ#1793531 CVE-2020-6379 chromium: chromium-browser: use-after-free in speech recognizer [fedora-all]
0
0
BZ#1793537 CVE-2020-6380 chromium-browser: extension message verification error
0
0
BZ#1793540 CVE-2020-6380 chromium: chromium-browser: extension message verification error [fedora-all]
0
0
BZ#1797608 CVE-2019-20446 librsvg: Resource exhaustion via crafted SVG file with nested patterns
0
0
BZ#1797610 CVE-2019-20446 chromium: librsvg: Resource exhaustion via crafted SVG file with nested patterns [fedora-all]
0
0
BZ#1801160 CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
0
0
BZ#1801161 CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
0
0
BZ#1801162 CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
0
0
BZ#1801163 CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
0
0
BZ#1801164 CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
0
0
BZ#1801165 CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
0
0
BZ#1801166 CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
0
0
BZ#1801167 CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
0
0
BZ#1801168 CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
0
0
BZ#1801169 CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
0
0
BZ#1801170 CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
0
0
BZ#1801171 CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
0
0
BZ#1801172 CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
0
0
BZ#1801173 CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
0
0
BZ#1801174 CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
0
0
BZ#1801175 CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
0
0
BZ#1801176 CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
0
0
BZ#1801177 CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
0
0
BZ#1801178 CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
0
0
BZ#1801179 CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
0
0
BZ#1801180 CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
0
0
BZ#1801181 CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
0
0
BZ#1801182 CVE-2020-6406 chromium-browser: Use after free in audio
0
0
BZ#1801184 CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
0
0
BZ#1801185 CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
0
0
BZ#1801186 CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
0
0
BZ#1801187 CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
0
0
BZ#1801188 CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
0
0
BZ#1801189 CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
0
0
BZ#1801190 CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
0
0
BZ#1801191 CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
0
0
BZ#1801192 CVE-2020-6416 chromium-browser: Insufficient data validation in streams
0
0
BZ#1801193 CVE-2020-6417 chromium-browser: Inappropriate implementation in installer
0
0
BZ#1801838 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 ... chromium: various flaws [fedora-all]
0
0
BZ#1807341 chromium-browser: Out of bounds memory access in streams
0
0
BZ#1807343 CVE-2020-6418 chromium-browser: Type confusion in V8
0
0
BZ#1807349 CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
0
0
BZ#1807356 CVE-2020-6418 chromium: chromium-browser: type confusion in V8 [fedora-all]
0
0
BZ#1807358 CVE-2020-10531 chromium: ICU: Integer overflow in UnicodeString::doAppend() [fedora-all]
0
0
BZ#1807381 CVE-2020-6407 chromium-browser: Out of bounds memory access in streams
0
0
BZ#1807382 CVE-2020-6407 chromium: chromium-browser: out of bounds memory access in streams [fedora-all]
0
0
BZ#1807498 CVE-2020-6383 chromium-browser: Type confusion in V8
0
0
BZ#1807499 CVE-2020-6384 chromium-browser: Use after free in WebAudio
0
0
BZ#1807500 CVE-2020-6386 chromium-browser: Use after free in speech
0
0
BZ#1807503 CVE-2020-6383 CVE-2020-6384 CVE-2020-6386 chromium: various flaws [fedora-all]
0
0
BZ#1811073 CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media
0
0
BZ#1811074 CVE-2020-6420 chromium: chromium-browser: Insufficient policy enforcement in media [fedora-all]
0
0
BZ#1815241 CVE-2020-6424 chromium-browser: Use after free in media
0
0
BZ#1815242 CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions
0
0
BZ#1815243 CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
0
0
BZ#1815244 CVE-2020-6427 chromium-browser: Use after free in audio
0
0
BZ#1815245 CVE-2020-6428 chromium-browser: Use after free in audio
0
0
BZ#1815247 CVE-2020-6429 chromium-browser: Use after free in audio
0
0
BZ#1815248 CVE-2020-6449 chromium-browser: Use after free in audio
0
0
BZ#1815253 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 chromium: various flaws [fedora-all]
0
0
BZ#1815259 CVE-2020-6422 chromium-browser: Use after free in WebGL
0
0
BZ#1815264 CVE-2020-6422 chromium: chromium-browser: Use after free in WebGL [fedora-all]
0
0

Automated Test Results