[FEDORA-2020-4e8e48da22] Fedora 33: chromium
Severity
High
Affected Packages
1
CVEs
36
Update to 86.0.4240.183. Fixes the following security issues: CVE-2020-16004
CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 Also disables the
very verbose output going to stdout. ---- Update to Chromium 86. A few big
things here: 1. Upstream has made hardware accelerated video support (VAAPI)
for Linux possible without patches. One key difference is that the patchset used
previously in Fedora enabled it by default and upstream's approach disables it
by default. To enable Hardware accelerated video in chromium, open this link in
chromium: chrome://flags/#enable-accelerated-video-decode Be sure it is turned
on. Note that not all GPUs are supported. 2. All the security fixes you expect
with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557
CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986
CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000
CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. Without bats acting as
pollinators, agave and cacao plants would struggle. That means that bats are
responsible for tequila and chocolate.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/chromium?distro=fedora-33
|
< 86.0.4240.183.1.fc33 |
- ID
- FEDORA-2020-4e8e48da22
- Severity
- high
- Severity from
- CVE-2020-16004
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e8e48da22
- Published
-
2020-11-14T01:13:13
(3 years ago) - Modified
-
2020-11-14T01:13:13
(3 years ago) - Rights
- Copyright 2020 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2020-1572
-
ALPINE:CVE-2020-15969
-
ASA-202010-1
-
ASA-202011-1
-
ASA-202011-2
-
CISA-2021:1103
-
DSA-4778-1
-
DSA-4780-1
-
DSA-4824-1
-
ELSA-2020-4310
-
ELSA-2020-4317
-
ELSA-2020-4909
-
ELSA-2020-4913
-
ELSA-2020-4947
-
FEDORA-2020-127d40f1ab
-
FEDORA-2020-3e005ce2e0
-
FEDORA-2020-8aca25b5c8
-
FREEBSD:3EC6AB59-1E0C-11EB-A428-3065EC8FD3EC
-
FREEBSD:64988354-0889-11EB-A01B-E09467587C17
-
FREEBSD:BED5D41A-F2B4-11EA-A878-E09467587C17
-
FREEBSD:F4722927-1375-11EB-8711-3065EC8FD3EC
-
GLSA-202010-01
-
GLSA-202010-08
-
GLSA-202011-12
-
GLSA-202101-30
-
MFSA-2020-45
-
MFSA-2020-46
-
MFSA-2020-47
-
openSUSE-SU-2020:1705-1
-
openSUSE-SU-2020:1715-1
-
openSUSE-SU-2020:1718-1
-
openSUSE-SU-2020:1731-1
-
openSUSE-SU-2020:1732-1
-
openSUSE-SU-2020:1737-1
-
openSUSE-SU-2020:1748-1
-
openSUSE-SU-2020:1780-1
-
openSUSE-SU-2020:1785-1
-
openSUSE-SU-2020:1829-1
-
openSUSE-SU-2020:1831-1
-
openSUSE-SU-2020:1937-1
-
openSUSE-SU-2020:1952-1
-
RHSA-2020:4235
-
RHSA-2020:4310
-
RHSA-2020:4317
-
RHSA-2020:4330
-
RHSA-2020:4351
-
RHSA-2020:4909
-
RHSA-2020:4913
-
RHSA-2020:4947
-
RHSA-2020:4974
-
SUSE-SU-2020:3021-1
-
SUSE-SU-2020:3022-1
-
SUSE-SU-2020:3053-1
-
SUSE-SU-2020:3091-1
-
USN-4599-1
-
USN-4599-2
-
USN-4647-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1885894 | Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR |
|
| Bugzilla | 1885906 | Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox |
|
| Bugzilla | 1885892 | Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink |
|
| Bugzilla | 1885889 | Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill |
|
| Bugzilla | 1890268 | Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium |
|
| Bugzilla | 1885890 | Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager |
|
| Bugzilla | 1885907 | Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink |
|
| Bugzilla | 1885909 | Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC |
|
| Bugzilla | 1894198 | Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE |
|
| Bugzilla | 1885896 | Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking |
|
| Bugzilla | 1885905 | Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI |
|
| Bugzilla | 1885904 | Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache |
|
| Bugzilla | 1885902 | Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents |
|
| Bugzilla | 1885910 | Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking |
|
| Bugzilla | 1885886 | Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC |
|
| Bugzilla | 1885899 | Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation |
|
| Bugzilla | 1885903 | Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio |
|
| Bugzilla | 1885908 | Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media |
|
| Bugzilla | 1885888 | Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio |
|
| Bugzilla | 1894202 | Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8 |
|
| Bugzilla | 1885885 | Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC |
|
| Bugzilla | 1885911 | Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads |
|
| Bugzilla | 1894201 | Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC |
|
| Bugzilla | 1894199 | Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8 |
|
| Bugzilla | 1885883 | Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments |
|
| Bugzilla | 1890267 | Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media |
|
| Bugzilla | 1885901 | Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8 |
|
| Bugzilla | 1885912 | Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium |
|
| Bugzilla | 1885897 | Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs |
|
| Bugzilla | 1885893 | Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader |
|
| Bugzilla | 1890266 | Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink |
|
| Bugzilla | 1885891 | Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions |
|
| Bugzilla | 1890269 | Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing |
|
| Bugzilla | 1894197 | Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface |
|
| Bugzilla | 1885884 | Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink |
|
| Bugzilla | 1885887 | Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/chromium?distro=fedora-33 | fedora |
chromium
|
< 86.0.4240.183.1.fc33 | fedora-33 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |