[SECURITY] Fedora EPEL 8 Update: chromium-87.0.4280.88-1.el8

Tue, 22 Dec 2020 16:36:14 -0800 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-37ef75d1ce
2020-12-23 00:33:11.666612
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora EPEL 8
Version     : 87.0.4280.88
Release     : 1.el8
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 87.0.4280.88. Fixes bugs and security issues, including:
CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041
CVE-2020-16042  ----  Update to 87.0.4280.66. Fixes the following security
issues:  CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020
CVE-2020-16021 CVE-2020-16022 CVE-2020-16015  CVE-2020-16014 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033
CVE-2020-16034 CVE-2020-16035  CVE-2020-16036  ----  Update to 86.0.4240.198.
Fixes the following security issues:  CVE-2020-16013  CVE-2020-16016
CVE-2020-16017  ----  Update to 86.0.4240.183.   Fixes the following security
issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008
CVE-2020-16009  Also disables the very verbose output going to stdout.  ----
Update to Chromium 86. A few big things here:  1. Upstream has made hardware
accelerated video support (VAAPI) for Linux possible without patches. One key
difference is that the patchset used previously in Fedora enabled it by default
and upstream's approach disables it by default. To enable Hardware accelerated
video in chromium, open this link in chromium:  chrome://flags/#enable-
accelerated-video-decode  Be sure it is turned on. Note that not all GPUs are
supported.  2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15990  CVE-2020-15991 CVE-2020-15973 CVE-2020-15974
CVE-2020-15975 CVE-2020-15976 CVE-2020-6557  CVE-2020-15977  CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984  CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992
CVE-2020-15988 CVE-2020-15989 CVE-2020-16000  CVE-2020-16001 CVE-2020-16002
CVE-2020-16003  3. The EPEL-7 build no longer requires minizip, because Red Hat
removed that package in RHEL 7.9.  4. Without bats acting as pollinators, agave
and cacao plants would struggle. That means that bats are responsible for
tequila and chocolate.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  3 2020 Tom Callaway <[email protected]> - 87.0.4280.88-1
- update to 87.0.4280.88
* Wed Nov 18 2020 Tom Callaway <[email protected]> - 87.0.4280.66-1
- update to 87.0.4280.66
* Thu Nov 12 2020 Jeff Law <[email protected]> - 86.0.4240.198-1
- Fix missing #inclues for gcc-11
- Fix bogus volatile caught by gcc-11
* Thu Nov 12 2020 Tom Callaway <[email protected]> - 86.0.4240.198-1
- update to 86.0.4240.198
* Tue Nov 10 2020 Tom Callaway <[email protected]> - 86.0.4240.193-1
- update to 86.0.4240.193
* Wed Nov  4 2020 Tom Callaway <[email protected]> - 86.0.4240.183-1
- update to 86.0.4240.183
* Mon Nov  2 2020 Tom Callaway <[email protected]> - 86.0.4240.111-2
- fix conditional typo that was causing console logging to be turned on
* Wed Oct 21 2020 Tom Callaway <[email protected]> - 86.0.4240.111-1
- update to 86.0.4240.111
* Tue Oct 20 2020 Tom Callaway <[email protected]> - 86.0.4240.75-2
- use bundled zlib/minizip on el7 (thanks Red Hat. :P)
* Wed Oct 14 2020 Tom Callaway <[email protected]> - 86.0.4240.75-1
- update to 86.0.4240.75
* Mon Sep 28 2020 Tom Callaway <[email protected]> - 85.0.4183.121-2
- rebuild for libevent
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in 
payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1885883
  [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885884
  [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885885
  [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885886
  [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in 
printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1885887
  [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885888
  [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in 
autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1885889
  [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in 
password manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1885890
  [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy 
enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1885891
  [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in 
Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885892
  [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in 
SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=1885893
  [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
        https://bugzilla.redhat.com/show_bug.cgi?id=1885894
  [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate 
implementation in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885896
  [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data 
validation in dialogs
        https://bugzilla.redhat.com/show_bug.cgi?id=1885897
  [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data 
validation in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1885899
  [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate 
implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1885901
  [ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy 
enforcement in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=1885902
  [ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in 
audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885903
  [ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel 
information leakage in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=1885904
  [ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data 
validation in webUI
        https://bugzilla.redhat.com/show_bug.cgi?id=1885905
  [ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy 
enforcement in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1885906
  [ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate 
implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885907
  [ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in 
media
        https://bugzilla.redhat.com/show_bug.cgi?id=1885908
  [ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in 
WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885909
  [ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy 
enforcement in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885910
  [ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy 
enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1885911
  [ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in 
PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1885912
  [ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate 
implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1890266
  [ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1890267
  [ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in 
PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1890268
  [ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in 
printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1890269
  [ 32 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user 
interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1894197
  [ 33 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy 
enforcement in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1894198
  [ 34 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate 
implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894199
  [ 35 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow 
in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1894201
  [ 36 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate 
implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894202
  [ 37 ] Bug #1896641 - CVE-2020-16016 chromium-browser: Inappropriate 
implementation in base
        https://bugzilla.redhat.com/show_bug.cgi?id=1896641
  [ 38 ] Bug #1897206 - CVE-2020-16013 chromium-browser: Inappropriate 
implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1897206
  [ 39 ] Bug #1897207 - CVE-2020-16017 chromium-browser: Use after free in site 
isolation
        https://bugzilla.redhat.com/show_bug.cgi?id=1897207
  [ 40 ] Bug #1899222 - CVE-2020-16018 chromium-browser: Use after free in 
payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1899222
  [ 41 ] Bug #1899223 - CVE-2020-16019 chromium-browser: Inappropriate 
implementation in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1899223
  [ 42 ] Bug #1899224 - CVE-2020-16020 chromium-browser: Inappropriate 
implementation in cryptohome
        https://bugzilla.redhat.com/show_bug.cgi?id=1899224
  [ 43 ] Bug #1899225 - CVE-2020-16021 chromium-browser: Race in ImageBurner
        https://bugzilla.redhat.com/show_bug.cgi?id=1899225
  [ 44 ] Bug #1899226 - CVE-2020-16022 chromium-browser: Insufficient policy 
enforcement in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1899226
  [ 45 ] Bug #1899227 - CVE-2020-16015 chromium-browser: Insufficient data 
validation in WASM
        https://bugzilla.redhat.com/show_bug.cgi?id=1899227
  [ 46 ] Bug #1899228 - CVE-2020-16014 chromium-browser: Use after free in PPAPI
        https://bugzilla.redhat.com/show_bug.cgi?id=1899228
  [ 47 ] Bug #1899229 - CVE-2020-16023 chromium-browser: Use after free in 
WebCodecs
        https://bugzilla.redhat.com/show_bug.cgi?id=1899229
  [ 48 ] Bug #1899230 - CVE-2020-16024 chromium-browser: Heap buffer overflow 
in UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1899230
  [ 49 ] Bug #1899231 - CVE-2020-16025 chromium-browser: Heap buffer overflow 
in clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1899231
  [ 50 ] Bug #1899232 - CVE-2020-16026 chromium-browser: Use after free in 
WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899232
  [ 51 ] Bug #1899233 - CVE-2020-16027 chromium-browser: Insufficient policy 
enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1899233
  [ 52 ] Bug #1899234 - CVE-2020-16028 chromium-browser: Heap buffer overflow 
in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899234
  [ 53 ] Bug #1899235 - CVE-2020-16029 chromium-browser: Inappropriate 
implementation in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1899235
  [ 54 ] Bug #1899237 - CVE-2020-16030 chromium-browser: Insufficient data 
validation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1899237
  [ 55 ] Bug #1899239 - CVE-2019-8075 flash-plugin: Same origin policy bypass 
leading to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1899239
  [ 56 ] Bug #1899240 - CVE-2020-16031 chromium-browser: Incorrect security UI 
in tab preview
        https://bugzilla.redhat.com/show_bug.cgi?id=1899240
  [ 57 ] Bug #1899241 - CVE-2020-16032 chromium-browser: Incorrect security UI 
in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1899241
  [ 58 ] Bug #1899242 - CVE-2020-16033 chromium-browser: Incorrect security UI 
in WebUSB
        https://bugzilla.redhat.com/show_bug.cgi?id=1899242
  [ 59 ] Bug #1899243 - CVE-2020-16034 chromium-browser: Inappropriate 
implementation in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1899243
  [ 60 ] Bug #1899244 - CVE-2020-16035 chromium-browser: Insufficient data 
validation in cros-disks
        https://bugzilla.redhat.com/show_bug.cgi?id=1899244
  [ 61 ] Bug #1899245 - CVE-2020-16036 chromium-browser: Inappropriate 
implementation in cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=1899245
  [ 62 ] Bug #1904510 - CVE-2020-16037 chromium-browser: Use after free in 
clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1904510
  [ 63 ] Bug #1904511 - CVE-2020-16038 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1904511
  [ 64 ] Bug #1904512 - CVE-2020-16039 chromium-browser: Use after free in 
extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1904512
  [ 65 ] Bug #1904513 - CVE-2020-16040 chromium-browser: Insufficient data 
validation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1904513
  [ 66 ] Bug #1904514 - CVE-2020-16041 chromium-browser: Out of bounds read in 
networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1904514
  [ 67 ] Bug #1904515 - CVE-2020-16042 chromium-browser: Uninitialized Use in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1904515
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update chromium' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
epel-package-announce mailing list -- 
[email protected]
To unsubscribe send an email to 
[email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]

Reply via email to