Bug 26103

Summary: chromium-browser-stable security issues fixed in 79.0.3945.130
Product: Mageia Reporter: Christiaan Welvaart <cjw>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, brtians1, cjw, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-32-OK MGA7-64-OK
Source RPM: chromium-browser-stable-78.0.3904.108-1.mga7.src.rpm CVE:
Status comment:

Comment 1 Christiaan Welvaart 2020-01-18 18:24:23 CET 
Advisory:


Chromium-browser 79.0.3945.130 fixes security issues:

Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2019-13725, CVE-2019-13726, CVE-2019-13727, CVE-2019-13728, CVE-2019-13729, CVE-2019-13730, CVE-2019-13732, CVE-2019-13734, CVE-2019-13735, CVE-2019-13736, CVE-2019-13737, CVE-2019-13738, CVE-2019-13739, CVE-2019-13740, CVE-2019-13741, CVE-2019-13742, CVE-2019-13743, CVE-2019-13744, CVE-2019-13745, CVE-2019-13746, CVE-2019-13747, CVE-2019-13748, CVE-2019-13749, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-13754, CVE-2019-13755, CVE-2019-13756, CVE-2019-13757, CVE-2019-13758, CVE-2019-13759, CVE-2019-13761, CVE-2019-13762, CVE-2019-13763, CVE-2019-13764, CVE-2019-13767, CVE-2020-6377, CVE-2020-6378, CVE-2020-6379, CVE-2020-6380)



References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6380

Status: NEW => ASSIGNED

David Walser 2020-01-18 20:27:34 CET

Depends on: (none) => 26104

Comment 2 David Walser 2020-01-18 20:28:21 CET 
Four of those CVEs are actually in sqlite3, so we need to address that.
Comment 3 Christiaan Welvaart 2020-01-18 21:00:42 CET 
Chromium is not currently linked against system sqlite3, that's why I left those CVEs in the lists.
Comment 4 David Walser 2020-01-18 21:03:32 CET 
OK.  We should still fix them of course.

Depends on: 26104 => (none)

Comment 5 David Walser 2020-01-29 21:05:55 CET 
sqlite3 issues have been addressed.  Did you mean to assign this to QA?
Comment 6 Christiaan Welvaart 2020-02-01 14:26:00 CET 
The build failed with:

FAILED: obj/chrome/browser/ui/ui/opaque_browser_frame_view_linux.o 
g++ -MMD -MF obj/chrome/browser/ui/ui/opaque_browser_frame_view_linux.o.d -DUSE_DBUS -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DUSE_CUPS -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_52 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -DGL_GLEXT_PROTOTYPES -DUSE_GLX -DUSE_EGL -DVK_NO_PROTOTYPES -DTOOLKIT_VIEWS=1 -DSYNC_PASSWORD_REUSE_DETECTION_ENABLED -DSYNC_PASSWORD_REUSE_WARNING_ENABLED -DON_FOCUS_PING_ENABLED -DEXPAT_RELATIVE_PATH -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -DLEVELDB_PLATFORM_CHROMIUM=1 -DLEVELDB_PLATFORM_CHROMIUM=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DUSE_CHROMIUM_ICU=1 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -DUCHAR_TYPE=uint16_t -DWEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS=0 -DWEBRTC_CHROMIUM_BUILD -DWEBRTC_POSIX -DWEBRTC_LINUX -DABSL_ALLOCATOR_NOTHROW=1 -DNO_MAIN_THREAD_WRAPPING -DV8_USE_EXTERNAL_STARTUP_DATA -DSK_GL -DSK_HAS_PNG_LIBRARY -DSK_HAS_WEBP_LIBRARY -DSK_USER_CONFIG_HEADER=\"../../skia/config/SkUserConfig.h\" -DSK_HAS_JPEG_LIBRARY -DSK_VULKAN_HEADER=\"../../skia/config/SkVulkanConfig.h\" -DSK_VULKAN=1 -DSK_SUPPORT_GPU=1 -DSK_GPU_WORKAROUNDS_HEADER=\"gpu/config/gpu_driver_bug_workaround_autogen.h\" -DVK_NO_PROTOTYPES -DV8_DEPRECATION_WARNINGS -DI18N_ADDRESS_VALIDATION_DATA_URL=\"https://chromium-i18n.appspot.com/ssl-aggregate-address/\" -DPERFETTO_IMPLEMENTATION -DUSE_SYSTEM_ZLIB=1 -I../.. -Igen -Igen/shim_headers/zlib_shim -Igen/shim_headers/snappy_shim -I../../third_party/libyuv/include -Igen/shim_headers/libpng_shim -Igen/shim_headers/libwebp_shim -Igen/shim_headers/libdrm_shim -Igen/shim_headers/ffmpeg_shim -I../../third_party/khronos -I../../gpu -Igen/shim_headers/opus_shim -I../../third_party/vulkan/include -Igen/third_party/dawn/src/include -I../../third_party/dawn/src/include -Igen/shim_headers/minizip_shim -Igen/shim_headers/flac_shim -Igen/shim_headers/jsoncpp_shim -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/boringssl/src/include -I../../third_party/cacheinvalidation/overrides -I../../third_party/cacheinvalidation/src -Igen/third_party/metrics_proto -I../../third_party/leveldatabase -I../../third_party/leveldatabase/src -I../../third_party/leveldatabase/src/include -I../../third_party/ced/src -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -I../../third_party/webrtc_overrides -I../../third_party/webrtc -Igen/third_party/webrtc -I../../third_party/abseil-cpp -I../../third_party/skia -I../../third_party/vulkan/include -I../../third_party/skia/third_party/vulkanmemoryallocator -I../../third_party/vulkan/include -I../../third_party/crashpad/crashpad -I../../third_party/crashpad/crashpad/compat/non_mac -I../../third_party/crashpad/crashpad/compat/linux -I../../third_party/crashpad/crashpad/compat/non_win -I../../third_party/libwebm/source -I../../v8/include -Igen/v8/include -I../../third_party/perfetto/include -Igen/third_party/perfetto/build_config -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/third_party/perfetto -Igen/components/policy/proto -I../../third_party/re2/src -I../../third_party/mesa_headers -Igen -Igen -Igen -Igen -I../../third_party/libaddressinput/src/cpp/include -Igen/components/sync/protocol -I../../third_party/flatbuffers/src/include -I../../third_party/perfetto -I../../third_party/perfetto/include -Igen/third_party/perfetto/build_config -I../../third_party/brotli/include -Igen/components/sync/protocol -I../../third_party/fontconfig/src -Igen -Igen -Igen -Igen -Igen -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -pipe -pthread -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -Wall -Wno-unused-local-typedefs -Wno-deprecated-declarations -Wno-comments -Wno-packed-not-aligned -Wno-missing-field-initializers -Wno-unused-parameter -fno-omit-frame-pointer -fvisibility=hidden -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/nss -I/usr/include/nspr4 -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -std=gnu++14 -Wno-narrowing -Wno-class-memaccess -fno-exceptions -fno-rtti -fvisibility-inlines-hidden -O2 -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables -faligned-new -Wno-attributes -Wno-error=class-memaccess -Wno-error=unknown-pragmas -Wno-error=array-bounds -c ../../chrome/browser/ui/views/frame/opaque_browser_frame_view_linux.cc -o obj/chrome/browser/ui/ui/opaque_browser_frame_view_linux.o
In file included from ../../chrome/browser/ui/views/frame/opaque_browser_frame_view_platform_specific.h:8,
                 from ../../chrome/browser/ui/views/frame/opaque_browser_frame_view_linux.h:10,
                 from ../../chrome/browser/ui/views/frame/opaque_browser_frame_view_linux.cc:5:
/usr/include/c++/8.3.1/memory: In function 'void* std::align(std::size_t, std::size_t, void*&, std::size_t&)':
/usr/include/c++/8.3.1/memory:119:17: internal compiler error: Segmentation fault
   if ((__size + __diff) > __space)
                 ^~~~~~
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://bugs.mageia.org/> for instructions.
Comment 7 David Walser 2020-02-01 15:52:08 CET 
I wonder if it's one of those random crashes that doesn't happen if you just try it again or if it's a real compiler bug.

CC: (none) => tmb

Comment 8 Christiaan Welvaart 2020-02-02 14:34:50 CET 
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-79.0.3945.130-1.mga7.src.rpm
RPMS:
chromium-browser-79.0.3945.130-1.mga7.i586.rpm
chromium-browser-stable-79.0.3945.130-1.mga7.i586.rpm
chromium-browser-79.0.3945.130-1.mga7.x86_64.rpm
chromium-browser-stable-79.0.3945.130-1.mga7.x86_64.rpm

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 9 Brian Rockwell 2020-02-05 23:55:56 CET 
X86_64 - Plasma - Physical Hardware - AMD, Nvidia 760 (Nvidia 390 driver)

$ uname -a
Linux localhost 5.4.17-desktop-1.mga7 #1 SMP Sat Feb 1 21:57:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

The following 3 packages are going to be installed:

- chromium-browser-79.0.3945.130-1.mga7.x86_64
- chromium-browser-stable-79.0.3945.130-1.mga7.x86_64
- lib64jsoncpp19-1.8.4-2.mga7.x86_64

---

Ran Chromium for several hours without issue, typically abusive processes.

Working as designed.

CC: (none) => brtians1

Comment 10 Brian Rockwell 2020-02-06 04:35:18 CET 
installed on laptop - xfce - a6

Seems to work fine.  I see this when I run it from the command line.  Does anyone think this is an issue?

/usr/lib64/chromium-browser/chrome
[5091:5091:0205/213143.364450:ERROR:sandbox_linux.cc(372)] InitializeSandbox() called with multiple threads in process gpu-process.
[5106:1:0205/213143.732104:ERROR:child_process_sandbox_support_impl_linux.cc(79)] FontService unique font name matching request did not receive a response.
[5106:1:0205/213143.732758:ERROR:child_process_sandbox_support_impl_linux.cc(79)] FontService unique font name matching request did not receive a response.

seems to log a lot of this.
Comment 11 Brian Rockwell 2020-02-06 23:48:05 CET 
Noticed audio problems with VM, but seems to be unique to VM only at 32bits.


32bit on AMD x2 hardware, really old nvidia (running nouveau), mate

Installed and tested.

Working correctly with videos etc.

Giving 32 and 64 okay.

Whiteboard: (none) => MGA7-32-OK MGA7-64-OK

Comment 12 Thomas Andrews 2020-02-07 19:09:40 CET 
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 13 Lewis Smith 2020-02-09 11:04:22 CET 
See also bug 26177. I think this update should go out as-is.
Comment 14 Thomas Backlund 2020-02-09 17:33:01 CET 
(In reply to Lewis Smith from comment #13)
> See also bug 26177. I think this update should go out as-is.

26177 is Cauldron only, we dont push new glibc in stable releases
Thomas Backlund 2020-02-09 19:25:26 CET

Keywords: (none) => advisory

Comment 15 Mageia Robot 2020-02-09 20:15:06 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0078.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED