--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-bf8c64a060
2016-09-10 17:27:07.026364
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 24
Version     : 53.0.2785.101
Release     : 1.fc24
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Stable update to 53.0.2785.101.  Security fix for CVE-2016-5147, CVE-2016-5148,
CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153,
CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158,
CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164,
CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167  Also applies fix for
chrome-remote-desktop where HOME env variable was not properly set via systemd
service.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits
        https://bugzilla.redhat.com/show_bug.cgi?id=1372229
  [ 2 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1372228
  [ 3 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as
        https://bugzilla.redhat.com/show_bug.cgi?id=1372227
  [ 4 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1372225
  [ 5 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1372224
  [ 6 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1372223
  [ 7 ] Bug #1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1372222
  [ 8 ] Bug #1372221 - CVE-2016-5161 chromium-browser: type confusion in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372221
  [ 9 ] Bug #1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372220
  [ 10 ] Bug #1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372219
  [ 11 ] Bug #1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372218
  [ 12 ] Bug #1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings
        https://bugzilla.redhat.com/show_bug.cgi?id=1372217
  [ 13 ] Bug #1372216 - CVE-2016-5155 chromium-browser: address bar spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1372216
  [ 14 ] Bug #1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372215
  [ 15 ] Bug #1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372214
  [ 16 ] Bug #1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372213
  [ 17 ] Bug #1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372212
  [ 18 ] Bug #1372210 - CVE-2016-5150 chromium-browser: use after free in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372210
  [ 19 ] Bug #1372209 - CVE-2016-5149 chromium-browser: script injection in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1372209
  [ 20 ] Bug #1372208 - CVE-2016-5148 chromium-browser: universal xss in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372208
  [ 21 ] Bug #1372207 - CVE-2016-5147 chromium-browser: universal xss in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372207
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update chromium' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org/

Fedora 24: chromium Security Update 2016-bf8c64a060

September 10, 2016
Stable update to 53.0.2785.101

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Stable update to 53.0.2785.101. Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167 Also applies fix for chrome-remote-desktop where HOME env variable was not properly set via systemd service.

Change Log

References

[ 1 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1372229 [ 2 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass https://bugzilla.redhat.com/show_bug.cgi?id=1372228 [ 3 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as https://bugzilla.redhat.com/show_bug.cgi?id=1372227 [ 4 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372225 [ 5 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools https://bugzilla.redhat.com/show_bug.cgi?id=1372224 [ 6 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing https://bugzilla.redhat.com/show_bug.cgi?id=1372223 [ 7 ] Bug #1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass https://bu...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update chromium' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : chromium
Product : Fedora 24
Version : 53.0.2785.101
Release : 1.fc24
URL : https://www.chromium.org/Home/
Summary : A WebKit (Blink) powered web browser

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved