openSUSE: 2024:0254-2 important: chromium, gn, rust-bindgen Advisory Security Update
Description
This update for chromium, gn, rust-bindgen fixes the following issues:
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
gn:
- Update to version 0.20240730:
* Rust: link_output, depend_output and runtime_outputs for dylibs
* Add missing reference section to function_toolchain.cc
* Do not cleanup args.gn imports located in the output directory.
* Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
* Do not add native dependencies to the library search path
* Support linking frameworks and swiftmodules in Rust targets
* [desc] Silence print() statements when outputting json
* infra: Move CI/try builds to Ubuntu-22.04
* [MinGW] Fix mingw building issues
* [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
* [template] Fix "rule alink_thin" in the //build/build_linux.ninja.template
* Allow multiple --ide switches
* [src] Add "#include
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-254=1
Package List
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
* gn-0.20240730-bp156.2.3.1
* gn-debuginfo-0.20240730-bp156.2.3.1
* gn-debugsource-0.20240730-bp156.2.3.1
* rust-bindgen-0.69.1-bp156.2.1
* rust-bindgen-debuginfo-0.69.1-bp156.2.1
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
* chromedriver-127.0.6533.119-bp156.2.14.1
* chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1
* chromium-127.0.6533.119-bp156.2.14.1
* chromium-debuginfo-127.0.6533.119-bp156.2.14.1
References
https://www.suse.com/security/cve/CVE-2024-6988.html
https://www.suse.com/security/cve/CVE-2024-6989.html
https://www.suse.com/security/cve/CVE-2024-6990.html
https://www.suse.com/security/cve/CVE-2024-6991.html
https://www.suse.com/security/cve/CVE-2024-6992.html
https://www.suse.com/security/cve/CVE-2024-6993.html
https://www.suse.com/security/cve/CVE-2024-6994.html
https://www.suse.com/security/cve/CVE-2024-6995.html
https://www.suse.com/security/cve/CVE-2024-6996.html
https://www.suse.com/security/cve/CVE-2024-6997.html
https://www.suse.com/security/cve/CVE-2024-6998.html
https://www.suse.com/security/cve/CVE-2024-6999.html
https://www.suse.com/security/cve/CVE-2024-7000.html
https://www.suse.com/security/cve/CVE-2024-7001.html
https://www.suse.com/security/cve/CVE-2024-7003.html
https://www.suse.com/security/cve/CVE-2024-7004.html
https://www.suse.com/security/cve/CVE-2024-7005.html
https://www.suse.com/security/cve/CVE-2024-7255.html
https://www.suse.com/security/cve/CVE-2024-7256.html
https://www.suse.com/security/cve/CVE-2024-7532.html
https://www.suse.com/security/cve/CVE-2024-7533.html
https://www.suse.com/security/cve/CVE-2024-7534.html
https://www.suse.com/security/cve/CVE-2024-7535.html
https://www.suse.com/security/cve/CVE-2024-7536.html
https://www.suse.com/security/cve/CVE-2024-7550.html
https://bugzilla.suse.com/1228628
https://bugzilla.suse.com/1228940
https://bugzilla.suse.com/1228941
https://bugzilla.suse.com/1228942