| Summary: | chromium-browser-stable security issues fixed in 77.0.3865.120 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Christiaan Welvaart <cjw> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, cjw, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | chromium-browser-stable-77.0.3865.90-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Christiaan Welvaart
2019-10-16 21:10:34 CEST
Updated packages are available for testing: MGA7 SRPM: chromium-browser-stable-77.0.3865.120-1.mga7.src.rpm RPMS: chromium-browser-77.0.3865.120-1.mga7.i586.rpm chromium-browser-stable-77.0.3865.120-1.mga7.i586.rpm chromium-browser-77.0.3865.120-1.mga7.x86_64.rpm chromium-browser-stable-77.0.3865.120-1.mga7.x86_64.rpm Advisory: Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component (CVE-2019-13693), one in the WebRTC component (CVE-2019-13694), one in the audio component (CVE-2019-13695), and one in the V8 component (CVE-2019-13696). A cross-origin size leak (CVE-2019-13697) was also fixed, as well as various problems found using internal audits, fuzzing and other initiatives. References: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697 CC:
(none) =>
cjw $ uname -a Linux localhost 5.3.6-desktop-2.mga7 #1 SMP Sun Oct 13 18:22:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 10 packages are going to be installed: - chromium-browser-77.0.3865.120-1.mga7.x86_64 - chromium-browser-stable-77.0.3865.120-1.mga7.x86_64 - lib64jsoncpp19-1.8.4-2.mga7.x86_64 - lib64minizip1-1.2.11-7.mga7.x86_64 - lib64rpm8-4.14.2.1-12.1.mga7.x86_64 - python3-rpm-4.14.2.1-12.1.mga7.x86_64 - rpm-4.14.2.1-12.1.mga7.x86_64 - rpm-build-4.14.2.1-12.1.mga7.x86_64 - rpm-plugin-syslog-4.14.2.1-12.1.mga7.x86_64 - rpm-plugin-systemd-inhibit-4.14.2.1-12.1.mga7.x86_64 --- Did Email and watched youtube videos. Sound, video and formatting is all working as designed. Whiteboard:
(none) =>
MGA7-64-OK Mageia 7, x86_64 Installed all the packages in comment 2. Launched the browser from the systems menu. Visited a few sites including gmail account. Started to synchronize with firefox bookmarks - first shut down firefox then started synch. That brought up a red box in the top right-hand corner which reported that synchronization was not working. Tried signing into Google but that wanted a pass-phrase - no idea what to enter but after a long search discovered something from long ago regarding synchronizing "devices" which it seemed to accept but the red box remained. A tab appeared in the menu which opened out into a cascading menu of all the firefox bookmarks. There does not seem to be any way to install those as a side-bar like in firefox so there is always a lot of clicking to find a particular entry (three tiers and a total of maybe 2000 bookmarks). So, it does work, sort of. As in firefox, the Ctrl +/- operation allows zooming. CC:
(none) =>
tarazed25 Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Thomas Backlund
2019-10-23 19:34:21 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0304.html Status:
NEW =>
RESOLVED |