Bug 26494

Summary: chromium-browser-stable new security issue fixed in 81.0.4044.122
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, cjw, sysadmin-bugs, tmb, wrw105
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: mga7-64-ok mga7-32-ok
Source RPM: chromium-browser-stable-81.0.4044.92-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-04-18 04:04:26 CEST 
Upstream has released version 81.0.4044.113 on April 15:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes a new security issue.
Comment 1 katnatek 2020-04-22 21:10:57 CEST 
Upstream has released version 81.0.4044.122 on April 21
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

It fixes a new security issue.

Summary: chromium-browser-stable new security issue fixed in 81.0.4044.113 => chromium-browser-stable new security issue fixed in 81.0.4044.122

Comment 2 David Walser 2020-04-22 21:15:55 CEST 
Thanks katnatek!

Christiaan, the .113 update has gotten attention in the press.  I'm not entirely sure if it's any more critical than normal, but it would be nice to get moving on this.
Comment 3 Christiaan Welvaart 2020-04-24 09:47:54 CEST 
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-81.0.4044.122-1.mga7.src.rpm
RPMS:
chromium-browser-81.0.4044.122-1.mga7.i586.rpm
chromium-browser-stable-81.0.4044.122-1.mga7.i586.rpm
chromium-browser-81.0.4044.122-1.mga7.x86_64.rpm
chromium-browser-stable-81.0.4044.122-1.mga7.x86_64.rpm



Advisory:



Chromium-browser 81.0.4044.122 fixes security issues:

Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6457, CVE-2020-6458, CVE-2020-6459, CVE-2020-6460)


References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 4 Bill Wilkinson 2020-04-25 00:42:02 CEST 
tested mga7-64
general browsing, jetstream for javascript, youtube videos, all ok.

Whiteboard: (none) => mga-7-64-ok
CC: (none) => wrw105

Bill Wilkinson 2020-04-25 00:48:17 CEST

Whiteboard: mga-7-64-ok => mga7-64-ok

Comment 5 Bill Wilkinson 2020-04-25 02:21:30 CEST 
tested mga7-32 as above, all ok

ready for validation when advisory uploaded

Whiteboard: mga7-64-ok => mga7-64-ok mga7-32-ok

Comment 6 Thomas Andrews 2020-04-26 01:41:18 CEST 
Thanks, Bill. Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-04-26 16:16:34 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 7 Mageia Robot 2020-04-26 16:40:33 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0185.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED