New upstream security release: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html
OK here mga9-64 It compiled much quicker this time :) $ chromium-browser --version Chromium 123.0.6312.105 Mageia.Org 9 Swedish localisation Remembered settings and opened tabs Various shops, banking, video sites Saving files, showing pdf, printing
CC: (none) => friAssignee: chb0 => qa-bugs
Hi @Morgan. Indeed, good surprise! ADVISORY NOTICE PROPOSAL ======================== New chromium-browser-stable 123.0.6312.105 security update Description The chromium-browser-stable package has been updated to the 123.0.6312.105 release. It includes 3 security fixes. High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-03-12 High CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish on 2024-03-17 High CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024 on 2024-03-22 Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code. References https://bugs.mageia.org/show_bug.cgi?id=33056 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html SRPMS 9/tainted chromium-browser-stable-123.0.6312.105-1.mga9.tainted.src.rpm PROVIDED PACKAGES ================= x86_64 chromium-browser-123.0.6312.105-1.mga9.tainted.x86_64.rpm chromium-browser-stable-123.0.6312.105-1.mga9.tainted.x86_64.rpm
CVE: (none) => CVE-2024-3156, CVE-2024-3158, CVE-2024-3159Summary: Updated chromium 123.0.6312.105 packages fix vulnerabilities => Updated chromium 123.0.6312.105 packages fix vulnerabilities (CVE-2024-3156/58/59)
CC: (none) => andrewsfarm
My problem with this is you not wait until the bug#33032 were closed by Mageia Robot so the users not really get the previous update :(
Blocks: (none) => 33032
(In reply to katnatek from comment #3) > My problem with this is you not wait until the bug#33032 were closed by > Mageia Robot so the users not really get the previous update :( Sorry for that. I thought giving the time build Chromium on our BS, the robot would have pushed it already. But this, it appears the build has been much quicker!
Hardware: All => x86_64
(In reply to christian barranco from comment #4) > (In reply to katnatek from comment #3) > > My problem with this is you not wait until the bug#33032 were closed by > > Mageia Robot so the users not really get the previous update :( > > Sorry for that. I thought giving the time build Chromium on our BS, the > robot would have pushed it already. But this, it appears the build has been > much quicker! As some manual work from sysadmins is needed, you can't trust that will works
Updated without issues from the previous never released version installing chromium-browser-stable-123.0.6312.105-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: chromium-browser-stable ################################################################################################## 1/1: removing chromium-browser-stable-123.0.6312.86-1.mga9.tainted.x86_64 ################################################################################################## Youtube works Facebook works Mageia sites works Other of my regular visited sites works
Keywords: (none) => advisory
Despite it is a security fix, the changes are minor and limited validation is required, as you just did many tests within https://bugs.mageia.org/show_bug.cgi?id=33032
(In reply to christian barranco from comment #7) > Despite it is a security fix, the changes are minor and limited validation > is required, as you just did many tests within > https://bugs.mageia.org/show_bug.cgi?id=33032 I guess Thomas will be with me, when I say "That is not how QA works", is better if all the test is redone
Agreed.
MGA9-64 Plasma, i5-7500, Nvidia Quadro K620 graphics. No installation issues updating over the previous version. Checked banking, Youtube, local weather, using it now. No issues to report.
Dell Chromebook (really old), Xfce Upgraded it no issues
CC: (none) => brtians1
MGA9-64, Plasma, nvidia 550 driver Installation no issues. Working as expected. Plays videos properly and is responsive. No crazy memory usage.
Whiteboard: (none) => MGA9-64-OK
MGA9-64 Plasma, HP Pavilion, A8-4555M APU, HD 7600G graphics. Fresh install of Chromium (running out of systems where I can do this...), imported bookmarks etc. from Firefox OK. Visited several sites, local weather, GOES satellite loop, NOAA Climate Prediction Center. Using it to make this report. Looking good - validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0109.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
(In reply to Thomas Andrews from comment #13) > MGA9-64 Plasma, HP Pavilion, A8-4555M APU, HD 7600G graphics. > > Fresh install of Chromium (running out of systems where I can do this...), > imported bookmarks etc. from Firefox OK. Visited several sites, local > weather, GOES satellite loop, NOAA Climate Prediction Center. > > Using it to make this report. > > Looking good - validating. You Always can uninstall and remove ~/.config/chromium and ~/.cache/chromium after make the test or before make new test ;)