-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-2e50862950 2016-10-12 18:56:55.304630 --------------------------------------------------------------------------------
Name : chromium Product : Fedora 23 Version : 53.0.2785.143 Release : 1.fc23 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5177, CVE-2016-5178 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for- desktop_29.html ---- Update to 53.0.2785.116. https://chromium.googlesource.c om/chromium/src/+log/53.0.2785.113..53.0.2785.116?pretty=fuller&n=10000 ---- Update to 53.0.2785.113 Security fix for CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175 ---- Stable update to 53.0.2785.101. Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167 Also applies fix for chrome-remote- desktop where HOME env variable was not properly set via systemd service. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380632 - CVE-2016-5178 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1380632 [ 2 ] Bug #1380631 - CVE-2016-5177 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1380631 [ 3 ] Bug #1375868 - CVE-2016-5175 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1375868 [ 4 ] Bug #1375867 - CVE-2016-5174 chromium-browser: popup not correctly suppressed https://bugzilla.redhat.com/show_bug.cgi?id=1375867 [ 5 ] Bug #1375866 - CVE-2016-5173 chromium-browser: extension resource access https://bugzilla.redhat.com/show_bug.cgi?id=1375866 [ 6 ] Bug #1375865 - CVE-2016-5172 chromium-browser: arbitrary memory read in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1375865 [ 7 ] Bug #1375864 - CVE-2016-5171 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1375864 [ 8 ] Bug #1375863 - CVE-2016-5170 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1375863 [ 9 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1372229 [ 10 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass https://bugzilla.redhat.com/show_bug.cgi?id=1372228 [ 11 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as https://bugzilla.redhat.com/show_bug.cgi?id=1372227 [ 12 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372225 [ 13 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372224 [ 14 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1372223 [ 15 ] Bug #1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass https://bugzilla.redhat.com/show_bug.cgi?id=1372222 [ 16 ] Bug #1372221 - CVE-2016-5161 chromium-browser: type confusion in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372221 [ 17 ] Bug #1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372220 [ 18 ] Bug #1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372219 [ 19 ] Bug #1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372218 [ 20 ] Bug #1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings https://bugzilla.redhat.com/show_bug.cgi?id=1372217 [ 21 ] Bug #1372216 - CVE-2016-5155 chromium-browser: address bar spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1372216 [ 22 ] Bug #1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372215 [ 23 ] Bug #1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372214 [ 24 ] Bug #1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372213 [ 25 ] Bug #1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1372212 [ 26 ] Bug #1372210 - CVE-2016-5150 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372210 [ 27 ] Bug #1372209 - CVE-2016-5149 chromium-browser: script injection in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1372209 [ 28 ] Bug #1372208 - CVE-2016-5148 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372208 [ 29 ] Bug #1372207 - CVE-2016-5147 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1372207 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update chromium' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org