Fedora Linux 8791 Published by

Updated chromium packages are available for Fedora Linux 40:

[SECURITY] Fedora 40 Update: chromium-127.0.6533.99-1.fc40




[SECURITY] Fedora 40 Update: chromium-127.0.6533.99-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0462a59d45
2024-08-14 06:25:46.410181
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 127.0.6533.99
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 127.0.6533.99
* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 7 2024 Than Ngo [than@redhat.com] - 127.0.6533.99-1
- update to 127.0.6533.99
* Critical CVE-2024-7532: Out of bounds memory access in ANGLE
* High CVE-2024-7533: Use after free in Sharing
* High CVE-2024-7550: Type Confusion in V8
* High CVE-2024-7534: Heap buffer overflow in Layout
* High CVE-2024-7535: Inappropriate implementation in V8
* High CVE-2024-7536: Use after free in WebAudio
* Tue Aug 6 2024 Than Ngo [than@redhat.com] - 127.0.6533.88-3
- fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi
- add ppc64le patch to fix runtime assertion trap on ppc64el systems
- refresh ppc64le patch to work around broken 64k allocator code on arm64
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303050 - CVE-2024-7055 chromium: From NVD collector [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2303050
[ 2 ] Bug #2303343 - CVE-2024-6988 chromium: Use after free in Downloads [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2303343
[ 3 ] Bug #2303344 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2303344
[ 4 ] Bug #2303345 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2303345
[ 5 ] Bug #2303348 - CVE-2024-7533 chromium: Use after free in Sharing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303348
[ 6 ] Bug #2303349 - CVE-2024-7533 chromium: Use after free in Sharing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303349
[ 7 ] Bug #2303350 - CVE-2024-7550 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303350
[ 8 ] Bug #2303351 - CVE-2024-7550 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303351
[ 9 ] Bug #2303352 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303352
[ 10 ] Bug #2303353 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303353
[ 11 ] Bug #2303354 - CVE-2024-6989 chromium: Use after free in Loader [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303354
[ 12 ] Bug #2303355 - CVE-2024-6989 chromium: Use after free in Loader [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303355
[ 13 ] Bug #2303356 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303356
[ 14 ] Bug #2303357 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303357
[ 15 ] Bug #2303359 - CVE-2024-7536 chromium: Use after free in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0462a59d45' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--