| Summary: | Chromium updated to 103.0.5060.134, fixes bugs and security vulnerabilitie | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | christian barranco <chb0> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | brtians1, cjw, davidwhodgins, fri, lewyssmith, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | chromium-browser-stable-103.0.5060.53-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 30658 | ||
| Bug Blocks: | |||
|
Description
christian barranco
2022-07-20 13:20:12 CEST
(In reply to christian barranco from comment #0) > Upstream just released the 103.0.5060.153 version, fixing bugs and 11 > security vulnerabilities. > https://chromereleases.googleblog.com/2022/07/stable-channel-update-for- > desktop_19.html sorry, typo mistake: 103.0.5060.134 version Cauldron should be up-to-date soon. However, MGA8 update is currently blocked by https://bugs.mageia.org/show_bug.cgi?id=30658
christian barranco
2022-07-20 22:35:53 CEST
CC:
(none) =>
cjw, lewyssmith
Morgan Leijström
2022-07-21 05:58:14 CEST
Depends on:
(none) =>
30658 Hi. Ready for QA in core/updates_tesing ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable branch fixes bugs and security vulnerabilities Description The chromium-browser-stable package has been updated to the new 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below: [1336266] High CVE-2022-2477 : Use after free in Guest View. Reported by anonymous on 2022-06-14 [1335861] High CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13 [1329987] High CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28 [1339844] High CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27 [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04 [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-2 [1345513] Various fixes from internal audits, fuzzing and other initiatives References https://bugs.mageia.org/show_bug.cgi?id=30655 https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://blog.chromium.org/2022/05/chrome-103-beta-early-navigation-hints.html SRPMS 8/core chromium-browser-stable-103.0.5060.134-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-103.0.5060.134-1.mga8.x86_64.rpm chromium-browser-stable-103.0.5060.134-1.mga8.x86_64.rpm i586 chromium-browser-103.0.5060.134-1.mga8.i586.rpm chromium-browser-stable-103.0.5060.134-1.mga8.i586.rpm Assignee:
chb0 =>
qa-bugs mga8-64 OK Plasma, nvidia-current, 4k screen, i7 Localisation Swedish Restored saved tabs Browsing some sites with video and different logins No regression noted. MGA8 x86_64, desktop PC, Plasma Fresh installation via QA repo Locale fr browsing ok video ok search engine ok MGA8-64, Gnome, laptop The following 2 packages are going to be installed: - chromium-browser-103.0.5060.134-1.mga8.x86_64 - chromium-browser-stable-103.0.5060.134-1.mga8.x86_64 ----- youtube works jitsi meet works slashdot works working for me CC:
(none) =>
brtians1 No regressions noticed. Validating the update. Whiteboard:
(none) =>
MGA8-64-OK
Dave Hodgins
2022-07-29 19:48:54 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0268.html Status:
NEW =>
RESOLVED |