FEDORA-EPEL-2020-d92c8360fe — security update for chromium

obsolete

chromium-80.0.3987.132-1.el8

FEDORA-EPEL-2020-d92c8360fe created by spot 3 years ago for Fedora EPEL 8

Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default (except on nvidia).

List of CVEs fixed (since last update):

CVE-2019-20446
CVE-2020-6381
CVE-2020-6382
CVE-2020-6383
CVE-2020-6384
CVE-2020-6385
CVE-2020-6386
CVE-2020-6387
CVE-2020-6388
CVE-2020-6389
CVE-2020-6390
CVE-2020-6391
CVE-2020-6392
CVE-2020-6393
CVE-2020-6394
CVE-2020-6395
CVE-2020-6396
CVE-2020-6397
CVE-2020-6398
CVE-2020-6399
CVE-2020-6400
CVE-2020-6401
CVE-2020-6402
CVE-2020-6403
CVE-2020-6404
CVE-2020-6405
CVE-2020-6406
CVE-2020-6407
CVE-2020-6408
CVE-2020-6409
CVE-2020-6410
CVE-2020-6411
CVE-2020-6412
CVE-2020-6413
CVE-2020-6414
CVE-2020-6415
CVE-2020-6416
CVE-2020-6417
CVE-2020-6418
CVE-2020-6420

This update has been submitted for testing by spot.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

This update has been obsoleted by chromium-80.0.3987.149-1.el8.

3 years ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

chromium-80.0.3987.132-1.el8

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

3 years ago

in testing

3 years ago

BZ#1797608 CVE-2019-20446 librsvg: Resource exhaustion via crafted SVG file with nested patterns

BZ#1797611 CVE-2019-20446 chromium: librsvg: Resource exhaustion via crafted SVG file with nested patterns [epel-all]

BZ#1801160 CVE-2020-6381 chromium-browser: Integer overflow in JavaScript

BZ#1801161 CVE-2020-6382 chromium-browser: Type Confusion in JavaScript

BZ#1801162 CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage

BZ#1801163 CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC

BZ#1801164 CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio

BZ#1801165 CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC

BZ#1801166 CVE-2020-6390 chromium-browser: Out of bounds memory access in streams

BZ#1801167 CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink

BZ#1801168 CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions

BZ#1801169 CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink

BZ#1801170 CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink

BZ#1801171 CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript

BZ#1801172 CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia

BZ#1801173 CVE-2020-6397 chromium-browser: Incorrect security UI in sharing

BZ#1801174 CVE-2020-6398 chromium-browser: Uninitialized use in PDFium

BZ#1801175 CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache

BZ#1801176 CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS

BZ#1801177 CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox

BZ#1801178 CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads

BZ#1801179 CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox

BZ#1801180 CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink

BZ#1801181 CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause

BZ#1801182 CVE-2020-6406 chromium-browser: Use after free in audio

BZ#1801184 CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS

BZ#1801185 CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox

BZ#1801186 CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation

BZ#1801187 CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox

BZ#1801188 CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox

BZ#1801189 CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink

BZ#1801190 CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing

BZ#1801191 CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript

BZ#1801192 CVE-2020-6416 chromium-browser: Insufficient data validation in streams

BZ#1801193 CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

BZ#1801839 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 ... chromium: various flaws [epel-7]

BZ#1807341 chromium-browser: Out of bounds memory access in streams

BZ#1807343 CVE-2020-6418 chromium-browser: Type confusion in V8

BZ#1807349 CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()

BZ#1807355 chromium: chromium-browser: Out of bounds memory access in streams [epel-all]

BZ#1807357 CVE-2020-6418 chromium: chromium-browser: type confusion in V8 [epel-all]

BZ#1807359 CVE-2020-10531 chromium: ICU: Integer overflow in UnicodeString::doAppend() [epel-all]

BZ#1807381 CVE-2020-6407 chromium-browser: Out of bounds memory access in streams

BZ#1807383 CVE-2020-6407 chromium: chromium-browser: out of bounds memory access in streams [epel-all]

BZ#1807498 CVE-2020-6383 chromium-browser: Type confusion in V8

BZ#1807499 CVE-2020-6384 chromium-browser: Use after free in WebAudio

BZ#1807500 CVE-2020-6386 chromium-browser: Use after free in speech

BZ#1807504 CVE-2020-6383 CVE-2020-6384 CVE-2020-6386 chromium: various flaws [epel-all]

BZ#1811073 CVE-2020-6420 chromium-browser: Insufficient policy enforcement in media

BZ#1811075 CVE-2020-6420 chromium: chromium-browser: Insufficient policy enforcement in media [epel-all]

chromium-80.0.3987.132-1.el8

Automated Test Results

ignored