| Summary: | Updated chromium 124.0.6367.118 packages fix vulnerabilities | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | christian barranco <chb0> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, davy.defaud, flink, fri, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | chromium-browser-stable-124.0.6367.60-1.mga9.tainted.src.rpm | CVE: | CVE-2024-4331,CVE-2024-4368 |
| Status comment: | |||
Description
christian barranco
2024-04-27 21:21:40 CEST
OK here mga9-64
$ chromium-browser --version
Chromium 124.0.6367.91 Mageia.Org 99
Swedish localisation
Remembered settings and opened tabs
Various shops, banking, video sites
Saving files, showing pdf, printing
[morgan@svarten ~]$ inxi -SCG
System:
Host: svarten.tribun Kernel: 6.6.28-desktop-1.mga9 arch: x86_64 bits: 64
Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
CPU:
Info: dual core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
L2: 512 KiB
Speed (MHz): avg: 3481 min/max: 1200/2934 cores: 1: 3481 2: 3481 3: 3481
4: 3481
Graphics:
Device-1: NVIDIA GM107 [GeForce GTX 750] driver: nvidia v: 470.239.06
Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
loaded: nvidia,v4l gpu: nvidia resolution: 3840x2160~60Hz
API: OpenGL v: 4.6.0 NVIDIA 470.239.06 renderer: NVIDIA GeForce GTX
750/PCIe/SSE2

CC: (none) => fri

This version doesn’t work as a Wayland client like the previous one. I had to change the settings back to X11. Chromium is starting but not displaying its window. :-/
See: https://wiki.mageia.org/en/Mageia_9_Release_Notes#Chromium.2C_Chrome_and_Teams

CC: (none) => davy.defaud
katnatek
2024-04-29 19:22:47 CEST
Keywords: (none) => feedback

(In reply to Davy Defaud from comment #2)
> This version doesn’t work as a Wayland client like the previous one. I had
> to change the settings back to X11. Chromium is starting but not displaying
> its window. :-/
> See:
> https://wiki.mageia.org/en/Mageia_9_Release_Notes#Chromium.2C_Chrome_and_Teams

Please, provide the version number of the latest working one.

It was the previous package, so: 123.0.6312.105-1.mga9

(In reply to Davy Defaud from comment #4)
> It was the previous package, so: 123.0.6312.105-1.mga9

Hi.
Our current version is 124.0.6367.60
I assume you are testing that one and not the one related to this report, which is an update to 124.0.6367.91
Anyway, it looks like upstream has broken Wayland on Linux, with Chromium 124...
https://www.debugpoint.com/google-chrome-no-window/
Until it is corrected upstream, I am afraid we have to live with that.
I will add a note on the advisory.

Keywords: feedback => (none)

Just noticed upstream might have solved the Wayland detection issue.
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html
Let us give it a try.

Assignee: qa-bugs => chb0

Hi Christian,

I’m running version 124.0.6367.60, indeed. My experience is a little bit different than the one described in your given link: I can start Chromium as a Wayland client with --ozone-platform=wayland, but if I force the ozone-platform setting with chrome://flags to wayland (instead of auto), it doesn’t work either.

I will tell you whether the next MGA package fixes that behaviour.

(In reply to Davy Defaud from comment #7)
> Hi Christian,
>
> I’m running version 124.0.6367.60, indeed. My experience is a little bit
> different than the one described in your given link: I can start Chromium as
> a Wayland client with --ozone-platform=wayland, but if I force the
> ozone-platform setting with chrome://flags to wayland (instead of auto), it
> doesn’t work either.
>
> I will tell you whether the next MGA package fixes that behaviour.

Hi.
Yes it is what is explained on the article: you need to set this flag to X11
Let us hope it is solved in the latest release.

Ready for testing!

ADVISORY NOTICE PROPOSAL
========================
New chromium-browser-stable 124.0.6367.128 security update

Description
The chromium-browser-stable package has been updated to the 124.0.6367.128 release. It includes 2 security fixes.
Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.

Some of the security fixes are:
* High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16
* High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09

References
https://bugs.mageia.org/show_bug.cgi?id=33151
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html

SRPMS
9/tainted
chromium-browser-stable-124.0.6367.128-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-124.0.6367.128-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-124.0.6367.128-1.mga9.tainted.x86_64.rpm

Assignee: chb0 => qa-bugs
katnatek
2024-05-02 20:20:14 CEST
Keywords: (none) => advisory

OK here same tests as previous version in Comment 1

RH mageia 9 x86_64
LC_ALL=C urpme --auto-orphans --auto
writing /var/lib/rpm/installed-through-deps.list
No orphans to remove
[root@phoenix ~]# LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing chromium-browser-stable-124.0.6367.118-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: chromium-browser-stable
##################################################################################################
1/1: removing chromium-browser-stable-124.0.6367.60-1.mga9.tainted.x86_64
##################################################################################################
Session Lxqt
Youtube OK
Facebook OK
Mageia sites OK
RH mageia 9 x86_64 Plasma Wayland
Set “Preferred Ozone platform” to Wayland following https://wiki.mageia.org/en/Mageia_9_Release_Notes#Chromium.2C_Chrome_and_Teams
That restart chromium and the browser starts well
Youtube OK
Facebook OK
Mageia sites OK

Odd. Using the math.princeton mirror, qarepo couldn't find

chromium-browser-124.0.6367.128-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-124.0.6367.128-1.mga9.tainted.x86_64.rpm

But when using "chromium*" it did find

chromium-browser-124.0.6367.118-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-124.0.6367.118-1.mga9.tainted.x86_64.rpm

Note the "118" is the one it found, as opposed to "128" in comment 9.

What's going on? A simple typo, or something else?

Currently, https://mirrors.mageia.org/status shows the Princeton mirror as "less than 12 hours old," but comment 9 is two days old, so the correct one should be there.

CC: (none) => andrewsfarm

(In reply to Thomas Andrews from comment #13)
> Odd. Using the math.princeton mirror, qarepo couldn't find
>
> chromium-browser-124.0.6367.128-1.mga9.tainted.x86_64.rpm
> chromium-browser-stable-124.0.6367.128-1.mga9.tainted.x86_64.rpm
>
> But when using "chromium*" it did find
>
> chromium-browser-124.0.6367.118-1.mga9.tainted.x86_64.rpm
> chromium-browser-stable-124.0.6367.118-1.mga9.tainted.x86_64.rpm
>
> Note the "118" is the one it found, as opposed to "128" in comment 9.
>
> What's going on? A simple typo, or something else?
>
> Currently, https://mirrors.mageia.org/status shows the Princeton mirror as
> "less than 12 hours old," but comment 9 is two days old, so the correct one
> should be there.

Apologies, typo...

ADVISORY NOTICE PROPOSAL
========================
New chromium-browser-stable 124.0.6367.118 security update

Description
The chromium-browser-stable package has been updated to the 124.0.6367.118 release. It includes 2 security fixes.
Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.

Some of the security fixes are:
* High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16
* High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09

References
https://bugs.mageia.org/show_bug.cgi?id=33151
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html

SRPMS
9/tainted
chromium-browser-stable-124.0.6367.118-1.mga9.tainted.src.rpm

PROVIDED PACKAGES
=================
x86_64
chromium-browser-124.0.6367.118-1.mga9.tainted.x86_64.rpm
chromium-browser-stable-124.0.6367.118-1.mga9.tainted.x86_64.rpm

That's what I thought, but it's always best to check - and the bug report and advisory need to be correct, anyway.

No installation issues, on two different machines, one Intel-based, the other AMD.

Tried a few sites, no issues. The main thing I use Chromium for is banking, as the bank seems to like it better than Firefox. No issues there, either.

(In reply to Davy Defaud from comment #7)
> Hi Christian,
>
> I’m running version 124.0.6367.60, indeed. My experience is a little bit
> different than the one described in your given link: I can start Chromium as
> a Wayland client with --ozone-platform=wayland, but if I force the
> ozone-platform setting with chrome://flags to wayland (instead of auto), it
> doesn’t work either.
>
> I will tell you whether the next MGA package fixes that behaviour.

Please try with the new packages
I set ozone platform to wayland and it looks like that works, but it is better to be sure

Intel, Xfce, wimpy laptop

Installed Chromium, used for a few hours, working as expected.

CC: (none) => brtians1

(In reply to katnatek from comment #16)
> (In reply to Davy Defaud from comment #7)
> > Hi Christian,
> >
> > I’m running version 124.0.6367.60, indeed. My experience is a little bit
> > different than the one described in your given link: I can start Chromium as
> > a Wayland client with --ozone-platform=wayland, but if I force the
> > ozone-platform setting with chrome://flags to wayland (instead of auto), it
> > doesn’t work either.
> >
> > I will tell you whether the next MGA package fixes that behaviour.
>
> Please try with the new packages I set ozone platform to wayland and it looks
> like that works, but it is better to be sure

I’ve just installed the new package, reset the ozone-platform to “Auto” and Chromium is working again as a Wayland client as expected.
So I can confirm that the bug is fixed.

Cheers,
Davy

Thank you Davy

CC: (none) => sysadmin-bugs

This update seems to solve an issue launching it for one user
https://forums.mageia.org/en/viewtopic.php?t=15357
Needs to get shipped.
Franz Holzinger
2024-05-08 09:56:18 CEST
CC: (none) => flink

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0161.html

Status: NEW => RESOLVED