Fedora Linux 8552 Published by

To address security issues, updated Chromium and Poppler packages are now available for Fedora Linux 37:

Fedora 37 Update: chromium-119.0.6045.199-1.fc37
Fedora 37 Update: poppler-22.08.0-5.fc37




Fedora 37 Update: chromium-119.0.6045.199-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ceaa6b19c1
2023-12-05 16:27:20.051939
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 37
Version : 119.0.6045.199
Release : 1.fc37
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 119.0.6045.199, upstream security release * High CVE-2023-6345:
Integer overflow in Skia * High CVE-2023-6346: Use after free in WebAudio * High
CVE-2023-6347: Use after free in Mojo * High CVE-2023-6348: Type Confusion in
Spellcheck * High CVE-2023-6350: Out of bounds memory access in libavif * High
CVE-2023-6351: Use after free in libavif
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 29 2023 Than Ngo [than@redhat.com] - 119.0.6045.199-1
- update to 119.0.6045.199
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ceaa6b19c1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 37 Update: poppler-22.08.0-5.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f0be0daaa5
2023-12-05 16:27:20.051810
--------------------------------------------------------------------------------

Name : poppler
Product : Fedora 37
Version : 22.08.0
Release : 5.fc37
URL : http://poppler.freedesktop.org/
Summary : PDF rendering library
Description :
poppler is a PDF rendering library.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-34872.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 21 2023 Marek Kasik [mkasik@redhat.com] - 22.08.0-5
- Fix a crash on malformed files
- Resolves: #2250823
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2227884 - CVE-2023-34872 poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
https://bugzilla.redhat.com/show_bug.cgi?id=2227884
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f0be0daaa5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--