| Summary: | chromium-browser-stable new security issues fixed in 116.0.5845.140 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | christian barranco <chb0> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, davidwhodgins, fri, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | chromium-browser-stable-116.0.5845.96-1.mga9.tainted.src.rpm | CVE: | |
| Status comment: | | | |
|
Description
christian barranco
2023-08-25 10:58:55 CEST
Strange, I do not see it in i.e https://ftp.acc.umu.se/mirror/mageia/distrib/9/x86_64/media/tainted/updates_testing/

CC: (none) => fri

that's because it's only built in cauldron testing before I locked it down for svn branching...
Morgan Leijström
2023-08-27 13:16:16 CEST
Whiteboard: (none) => MGA9TOO

Assigning back to packager to fix up mga9 update.

(I see you pushed a rebuild of 116.0.5845.96 to updates_testing, but that one is already in mga9 release.

also, remember when assigning updates to QA, you _must_ list packages to test... not point to an upstream blog about a new version...

cauldron 116.0.5845.110 package is moved to release from testing

Assignee: qa-bugs => chb0

(In reply to Thomas Backlund from comment #4)
> Assigning back to packager to fix up mga9 update.
>
> (I see you pushed a rebuild of 116.0.5845.96 to updates_testing, but that
> one is already in mga9 release.
>
> also, remember when assigning updates to QA, you _must_ list packages to
> test... not point to an upstream blog about a new version...
>
>
>
> cauldron 116.0.5845.110 package is moved to release from testing

Hi. Yes, sorry for that. I usually do so but I was too quick here. Here you go then.
However, sorry for my ignorance, I am a bit lost here. 116.0.5845.110 was built for MGA9 some days ago. I thought resubmitting would be enough but I overlooked it. Should I resubmit it or not?

ADVISORY NOTICE PROPOSAL
========================
New chromium-browser-stable 116.0.5845.110 fixes bugs and vulnerabilities

Description
The chromium-browser-stable package has been updated to the 116.0.5845.110 release, fixing 5 vulnerabilities.

High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01

References
https://bugs.mageia.org/show_bug.cgi?id=32193
https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html

SRPMS
9/tainted
chromium-browser-stable-116.0.5845.110-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-116.0.5845.110-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-116.0.5845.110-1.mga9.tainted.x86_64.rpm

i586
chromium-browser-116.0.5845.110-1.mga9.tainted.i586.rpm
chromium-browser-stable-116.0.5845.110-1.mga9.tainted.i586.rpm

Anyway, let us go now for 116.0.5845.140
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html

Summary:
chromium-browser-stable new security issues fixed in 116.0.5845.110 => chromium-browser-stable new security issues fixed in 116.0.5845.140

ADVISORY NOTICE PROPOSAL
========================
New chromium-browser-stable 116.0.5845.140 fixes bugs and vulnerabilities

Description
The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities.

High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01
High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12

References
https://bugs.mageia.org/show_bug.cgi?id=32193
https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html

SRPMS
9/tainted
chromium-browser-stable-116.0.5845.140-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-116.0.5845.140-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-116.0.5845.140-1.mga9.tainted.x86_64.rpm

i586
chromium-browser-116.0.5845.140-1.mga9.tainted.i586.rpm
chromium-browser-stable-116.0.5845.140-1.mga9.tainted.i586.rpm

MGA9 - x86_64, Xfce installed - testing working for me. youtube, audio, basic pages.

CC: (none) => brtians1

Validating. Advisory in comment 7.

Keywords: (none) => validated_update

mga8-64 Plasma, nvidia-current: thumbs up from me too.
Dave Hodgins
2023-09-11 03:14:15 CEST
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0256.html

Status: NEW => RESOLVED |