openSUSE-SU-2024:0254-2

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0254-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2024:0254-2
Related
Published
2024-08-18T22:20:17Z
Modified
2024-08-18T22:20:17Z
Summary
Security update for chromium, gn, rust-bindgen
Details

This update for chromium, gn, rust-bindgen fixes the following issues:

  • Chromium 127.0.6533.119 (boo#1228941)

    • CVE-2024-7532: Out of bounds memory access in ANGLE
    • CVE-2024-7533: Use after free in Sharing
    • CVE-2024-7550: Type Confusion in V8
    • CVE-2024-7534: Heap buffer overflow in Layout
    • CVE-2024-7535: Inappropriate implementation in V8
    • CVE-2024-7536: Use after free in WebAudio

  • Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)

    • CVE-2024-6988: Use after free in Downloads
    • CVE-2024-6989: Use after free in Loader
    • CVE-2024-6991: Use after free in Dawn
    • CVE-2024-6992: Out of bounds memory access in ANGLE
    • CVE-2024-6993: Inappropriate implementation in Canvas
    • CVE-2024-6994: Heap buffer overflow in Layout
    • CVE-2024-6995: Inappropriate implementation in Fullscreen
    • CVE-2024-6996: Race in Frames
    • CVE-2024-6997: Use after free in Tabs
    • CVE-2024-6998: Use after free in User Education
    • CVE-2024-6999: Inappropriate implementation in FedCM
    • CVE-2024-7000: Use after free in CSS. Reported by Anonymous
    • CVE-2024-7001: Inappropriate implementation in HTML
    • CVE-2024-7003: Inappropriate implementation in FedCM
    • CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
    • CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
    • CVE-2024-6990: Uninitialized Use in Dawn
    • CVE-2024-7255: Out of bounds read in WebTransport
    • CVE-2024-7256: Insufficient data validation in Dawn

gh:

  • Update to version 0.20240730:
    • Rust: linkoutput, dependoutput and runtimeoutputs for dylibs
    • Add missing reference section to functiontoolchain.cc
    • Do not cleanup args.gn imports located in the output directory.
    • Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
    • Do not add native dependencies to the library search path
    • Support linking frameworks and swiftmodules in Rust targets
    • [desc] Silence print() statements when outputing json
    • infra: Move CI/try builds to Ubuntu-22.04
    • [MinGW] Fix mingw building issues
    • [gn] Fix 'link' in the //examples/simplebuild/build/toolchain/BUILD.gn
    • [template] Fix 'rule alinkthin' in the //build/buildlinux.ninja.template
    • Allow multiple --ide switches
    • [src] Add '#include <limits>' in the //src/base/files/fileenumeratorwin.cc
    • Get updates to infra/recipes.py from upstream
    • Revert 'Teach gn to handle systems with > 64 processors'
    • [apple] Rename the code-signing properties of createbundle
    • Fix a typo in 'gn help refs' output
    • Revert '[bundle] Use 'phony' builtin tool for createbundle targets'
    • [bundle] Use 'phony' builtin tool for createbundle targets
    • [ios] Simplify handling of assets catalog
    • [swift] List all outputs as deps of 'sourceset' stamp file
    • [swift] Update gn check ... to consider the generated header
    • [swift] Set restat = 1 to swift build rules
    • Fix build with gcc12
    • [labelmatches] Add new functions labelmatches(), filterlabelsinclude() and filterlabelsexclude()
    • [swift] Remove problematic use of 'stamp' tool
    • Implement new --ninja-outputs-file option.
    • Add NinjaOutputsWriter class
    • Move InvokePython() function to its own source file.
    • zos: build with -DZOSLIBOVERRIDECLIB to override creat
    • Enable C++ runtime assertions in debug mode.
    • Fix regression in MakeRelativePath()
    • fix: Fix Windows MakeRelativePath.
    • Add long path support for windows
    • Ensure readfile() files are considered by 'gn analyze'
    • apply 2to3 to for some Python scripts
    • Add rustflags to desc and help output
    • strings: support case insensitive check only in StartsWith/EndsWith
    • add .git-blame-ignore-revs
    • use std::{string,stringview}::{startswith,endswith}
    • apply clang-format to all C++ sources
    • add forward declaration in rustvalues.h
    • Add root_patterns list to build configuration.
    • Use c++20 in GN build
    • update windows sdk to 2024-01-11
    • update windows sdk
    • Add linux-riscv64.
    • Update OWNERS list.
    • remove unused function
    • Ignore build warning -Werror=redundant-move
    • Fix --as=buildfile gn desc deps output.
    • Update recipe engine to 9dea1246.
    • treewide: Fix spelling mistakes

Added rust-bindgen:

  • Version 0.69.1
References

Affected packages

SUSE:Package Hub 15 SP5 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
127.0.6533.119-bp156.2.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / gn

Package

Name
gn
Purl
pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20240730-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / rust-bindgen

Package

Name
rust-bindgen
Purl
pkg:rpm/suse/rust-bindgen&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.69.1-bp156.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

SUSE:Package Hub 15 SP6 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
127.0.6533.119-bp156.2.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

SUSE:Package Hub 15 SP6 / gn

Package

Name
gn
Purl
pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20240730-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

SUSE:Package Hub 15 SP6 / rust-bindgen

Package

Name
rust-bindgen
Purl
pkg:rpm/suse/rust-bindgen&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.69.1-bp156.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.5 / chromium

Package

Name
chromium
Purl
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
127.0.6533.119-bp156.2.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.5 / gn

Package

Name
gn
Purl
pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20240730-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.5 / rust-bindgen

Package

Name
rust-bindgen
Purl
pkg:rpm/opensuse/rust-bindgen&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.69.1-bp156.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.6 / chromium

Package

Name
chromium
Purl
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
127.0.6533.119-bp156.2.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.6 / gn

Package

Name
gn
Purl
pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20240730-bp156.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}

openSUSE:Leap 15.6 / rust-bindgen

Package

Name
rust-bindgen
Purl
pkg:rpm/opensuse/rust-bindgen&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.69.1-bp156.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "gn": "0.20240730-bp156.2.3.1",
            "chromedriver": "127.0.6533.119-bp156.2.14.1",
            "chromium": "127.0.6533.119-bp156.2.14.1",
            "rust-bindgen": "0.69.1-bp156.2.1"
        }
    ]
}