You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1a10c04281
2019-12-18 01:52:04.721318
——————————————————————————–

Name : chromium
Product : Fedora 31
Version : 79.0.3945.79
Release : 1.fc31
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

——————————————————————————–
Update Information:

Update to Chromium 79. Fixes the usual giant pile of bugs and security issues.
This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727
CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743
CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748
CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753
CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758
CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
——————————————————————————–
ChangeLog:

* Tue Dec 10 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.79-1
– update to 79.0.3945.79
* Wed Dec 4 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.56-2
– fix lib provides filtering
* Tue Dec 3 2019 Tom Callaway <spot@fedoraproject.org> – 79.0.3945.56-1
– update to current beta (rawhide only)
– switch to upstream patch for clock_nanosleep fix
* Mon Nov 25 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.108-1
– update to 78.0.3904.108
* Sun Nov 17 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.97-2
– allow clock_nanosleep through seccomp (bz #1773289)
* Thu Nov 7 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.97-1
– update to 78.0.3904.97
* Fri Nov 1 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.87-1
– update to 78.0.3904.87
– apply most of the freeworld changes in PR 23/24/25
* Wed Oct 23 2019 Tom Callaway <spot@fedoraproject.org> – 78.0.3904.80-1
– update to 78.0.3904.80
* Wed Oct 16 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-4
– upstream fix for zlib symbol exports with gcc
* Wed Oct 16 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-3
– silence outdated build noise (bz1745745)
* Tue Oct 15 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.120-2
– fix node handling for EPEL-8
* Mon Oct 14 2019 Tomas Popela <tpopela@redhat.com> – 77.0.3865.120-1
– Update to 77.0.3865.120
* Thu Oct 10 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.90-4
– enable aarch64 for EPEL-8
* Wed Oct 9 2019 Tom Callaway <spot@fedoraproject.org> – 77.0.3865.90-3
– spec cleanups and changes to make EPEL8 try to build
——————————————————————————–
References:

[ 1 ] Bug #1782008 – CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1782008
[ 2 ] Bug #1782007 – CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1782007
[ 3 ] Bug #1782006 – CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782006
[ 4 ] Bug #1782005 – CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
https://bugzilla.redhat.com/show_bug.cgi?id=1782005
[ 5 ] Bug #1782004 – CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782004
[ 6 ] Bug #1782000 – CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check
https://bugzilla.redhat.com/show_bug.cgi?id=1782000
[ 7 ] Bug #1782003 – CVE-2019-13756 chromium-browser: Incorrect security UI in printing
https://bugzilla.redhat.com/show_bug.cgi?id=1782003
[ 8 ] Bug #1782002 – CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782002
[ 9 ] Bug #1782001 – CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782001
[ 10 ] Bug #1781998 – CVE-2019-13751 sqlite: fts3: improve detection of corrupted records
https://bugzilla.redhat.com/show_bug.cgi?id=1781998
[ 11 ] Bug #1781999 – CVE-2019-13752 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781999
[ 12 ] Bug #1781995 – CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781995
[ 13 ] Bug #1781993 – CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1781993
[ 14 ] Bug #1781997 – CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode
https://bugzilla.redhat.com/show_bug.cgi?id=1781997
[ 15 ] Bug #1781992 – CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781992
[ 16 ] Bug #1781994 – CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1781994
[ 17 ] Bug #1781991 – CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1781991
[ 18 ] Bug #1781990 – CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
https://bugzilla.redhat.com/show_bug.cgi?id=1781990
[ 19 ] Bug #1781987 – CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1781987
[ 20 ] Bug #1781989 – CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781989
[ 21 ] Bug #1781988 – CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1781988
[ 22 ] Bug #1781986 – CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781986
[ 23 ] Bug #1781985 – CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1781985
[ 24 ] Bug #1781983 – CVE-2019-13736 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1781983
[ 25 ] Bug #1781984 – CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
https://bugzilla.redhat.com/show_bug.cgi?id=1781984
[ 26 ] Bug #1781980 – CVE-2019-13734 sqlite: fts3: improve shadow table corruption detection
https://bugzilla.redhat.com/show_bug.cgi?id=1781980
[ 27 ] Bug #1781982 – CVE-2019-13764 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781982
[ 28 ] Bug #1781981 – CVE-2019-13735 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781981
[ 29 ] Bug #1781979 – CVE-2019-13732 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1781979
[ 30 ] Bug #1781978 – CVE-2019-13730 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781978
[ 31 ] Bug #1781974 – CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
https://bugzilla.redhat.com/show_bug.cgi?id=1781974
[ 32 ] Bug #1781975 – CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781975
[ 33 ] Bug #1781976 – CVE-2019-13728 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781976
[ 34 ] Bug #1781977 – CVE-2019-13729 chromium-browser: Use after free in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781977
[ 35 ] Bug #1781973 – CVE-2019-13725 chromium-browser: Use after free in Bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1781973
[ 36 ] Bug #1782021 – CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
https://bugzilla.redhat.com/show_bug.cgi?id=1782021
[ 37 ] Bug #1782017 – CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1782017
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1a10c04281’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

AutorToni Vugdelija
Cert idNCERT-REF-2019-12-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libssh

Otkriven je sigurnosni nedostatak programske biblioteke libssh za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog koda....

Close