openSUSE Security Update: Security update for chromium, gn, rust-bindgen
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0254-2
Rating:             important
References:         #1228628 #1228940 #1228941 #1228942 
Cross-References:   CVE-2024-6988 CVE-2024-6989 CVE-2024-6990
                    CVE-2024-6991 CVE-2024-6992 CVE-2024-6993
                    CVE-2024-6994 CVE-2024-6995 CVE-2024-6996
                    CVE-2024-6997 CVE-2024-6998 CVE-2024-6999
                    CVE-2024-7000 CVE-2024-7001 CVE-2024-7003
                    CVE-2024-7004 CVE-2024-7005 CVE-2024-7255
                    CVE-2024-7256 CVE-2024-7532 CVE-2024-7533
                    CVE-2024-7534 CVE-2024-7535 CVE-2024-7536
                    CVE-2024-7550
CVSS scores:
                    CVE-2024-6988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6991 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6994 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6995 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
                    CVE-2024-6996 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-6997 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-6999 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-7000 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7001 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-7003 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-7004 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-7005 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2024-7255 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7532 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7533 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7534 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7535 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7536 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2024-7550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   This update for chromium, gn, rust-bindgen fixes the following issues:

   - Chromium 127.0.6533.119 (boo#1228941)

     * CVE-2024-7532: Out of bounds memory access in ANGLE
     * CVE-2024-7533: Use after free in Sharing
     * CVE-2024-7550: Type Confusion in V8
     * CVE-2024-7534: Heap buffer overflow in Layout
     * CVE-2024-7535: Inappropriate implementation in V8
     * CVE-2024-7536: Use after free in WebAudio

   - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)

     * CVE-2024-6988: Use after free in Downloads
     * CVE-2024-6989: Use after free in Loader
     * CVE-2024-6991: Use after free in Dawn
     * CVE-2024-6992: Out of bounds memory access in ANGLE
     * CVE-2024-6993: Inappropriate implementation in Canvas
     * CVE-2024-6994: Heap buffer overflow in Layout
     * CVE-2024-6995: Inappropriate implementation in Fullscreen
     * CVE-2024-6996: Race in Frames
     * CVE-2024-6997: Use after free in Tabs
     * CVE-2024-6998: Use after free in User Education
     * CVE-2024-6999: Inappropriate implementation in FedCM
     * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
     * CVE-2024-7001: Inappropriate implementation in HTML
     * CVE-2024-7003: Inappropriate implementation in FedCM
     * CVE-2024-7004: Insufficient validation of untrusted input in Safe
       Browsing
     * CVE-2024-7005: Insufficient validation of untrusted input in Safe
       Browsing
     * CVE-2024-6990: Uninitialized Use in Dawn
     * CVE-2024-7255: Out of bounds read in WebTransport
     * CVE-2024-7256: Insufficient data validation in Dawn

   gh:

   - Update to version 0.20240730:
     * Rust: link_output, depend_output and runtime_outputs for dylibs
     * Add missing reference section to function_toolchain.cc
     * Do not cleanup args.gn imports located in the output directory.
     * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
     * Do not add native dependencies to the library search path
     * Support linking frameworks and swiftmodules in Rust targets
     * [desc] Silence print() statements when outputing json
     * infra: Move CI/try builds to Ubuntu-22.04
     * [MinGW] Fix mingw building issues
     * [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
     * [template] Fix "rule alink_thin" in the
       //build/build_linux.ninja.template
     * Allow multiple --ide switches
     * [src] Add "#include " in the
       //src/base/files/file_enumerator_win.cc
     * Get updates to infra/recipes.py from upstream
     * Revert "Teach gn to handle systems with > 64 processors"
     * [apple] Rename the code-signing properties of create_bundle
     * Fix a typo in "gn help refs" output
     * Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
     * [bundle] Use "phony" builtin tool for create_bundle targets
     * [ios] Simplify handling of assets catalog
     * [swift] List all outputs as deps of "source_set" stamp file
     * [swift] Update `gn check ...` to consider the generated header
     * [swift] Set `restat = 1` to swift build rules
     * Fix build with gcc12
     * [label_matches] Add new functions label_matches(),
       filter_labels_include() and filter_labels_exclude()
     * [swift] Remove problematic use of "stamp" tool
     * Implement new --ninja-outputs-file option.
     * Add NinjaOutputsWriter class
     * Move InvokePython() function to its own source file.
     * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
     * Enable C++ runtime assertions in debug mode.
     * Fix regression in MakeRelativePath()
     * fix: Fix Windows MakeRelativePath.
     * Add long path support for windows
     * Ensure read_file() files are considered by "gn analyze"
     * apply 2to3 to for some Python scripts
     * Add rustflags to desc and help output
     * strings: support case insensitive check only in StartsWith/EndsWith
     * add .git-blame-ignore-revs
     * use std::{string,string_view}::{starts_with,ends_with}
     * apply clang-format to all C++ sources
     * add forward declaration in rust_values.h
     * Add `root_patterns` list to build configuration.
     * Use c++20 in GN build
     * update windows sdk to 2024-01-11
     * update windows sdk
     * Add linux-riscv64.
     * Update OWNERS list.
     * remove unused function
     * Ignore build warning -Werror=redundant-move
     * Fix --as=buildfile `gn desc deps` output.
     * Update recipe engine to 9dea1246.
     * treewide: Fix spelling mistakes

   Added rust-bindgen:

   - Version 0.69.1


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2024-254=1



Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

      gn-0.20240730-bp156.2.3.1
      gn-debuginfo-0.20240730-bp156.2.3.1
      gn-debugsource-0.20240730-bp156.2.3.1
      rust-bindgen-0.69.1-bp156.2.1
      rust-bindgen-debuginfo-0.69.1-bp156.2.1

   - openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

      chromedriver-127.0.6533.119-bp156.2.14.1
      chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1
      chromium-127.0.6533.119-bp156.2.14.1
      chromium-debuginfo-127.0.6533.119-bp156.2.14.1


References:

   https://www.suse.com/security/cve/CVE-2024-6988.html
   https://www.suse.com/security/cve/CVE-2024-6989.html
   https://www.suse.com/security/cve/CVE-2024-6990.html
   https://www.suse.com/security/cve/CVE-2024-6991.html
   https://www.suse.com/security/cve/CVE-2024-6992.html
   https://www.suse.com/security/cve/CVE-2024-6993.html
   https://www.suse.com/security/cve/CVE-2024-6994.html
   https://www.suse.com/security/cve/CVE-2024-6995.html
   https://www.suse.com/security/cve/CVE-2024-6996.html
   https://www.suse.com/security/cve/CVE-2024-6997.html
   https://www.suse.com/security/cve/CVE-2024-6998.html
   https://www.suse.com/security/cve/CVE-2024-6999.html
   https://www.suse.com/security/cve/CVE-2024-7000.html
   https://www.suse.com/security/cve/CVE-2024-7001.html
   https://www.suse.com/security/cve/CVE-2024-7003.html
   https://www.suse.com/security/cve/CVE-2024-7004.html
   https://www.suse.com/security/cve/CVE-2024-7005.html
   https://www.suse.com/security/cve/CVE-2024-7255.html
   https://www.suse.com/security/cve/CVE-2024-7256.html
   https://www.suse.com/security/cve/CVE-2024-7532.html
   https://www.suse.com/security/cve/CVE-2024-7533.html
   https://www.suse.com/security/cve/CVE-2024-7534.html
   https://www.suse.com/security/cve/CVE-2024-7535.html
   https://www.suse.com/security/cve/CVE-2024-7536.html
   https://www.suse.com/security/cve/CVE-2024-7550.html
   https://bugzilla.suse.com/1228628
   https://bugzilla.suse.com/1228940
   https://bugzilla.suse.com/1228941
   https://bugzilla.suse.com/1228942

openSUSE: 2024:0254-2 important: chromium, gn, rust-bindgen Advisory Security Update

August 23, 2024
An update that fixes 25 vulnerabilities is now available

Description

This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942) * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in U...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-254=1


Package List

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): gn-0.20240730-bp156.2.3.1 gn-debuginfo-0.20240730-bp156.2.3.1 gn-debugsource-0.20240730-bp156.2.3.1 rust-bindgen-0.69.1-bp156.2.1 rust-bindgen-debuginfo-0.69.1-bp156.2.1 - openSUSE Backports SLE-15-SP6 (aarch64 x86_64): chromedriver-127.0.6533.119-bp156.2.14.1 chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1 chromium-127.0.6533.119-bp156.2.14.1 chromium-debuginfo-127.0.6533.119-bp156.2.14.1


References

https://www.suse.com/security/cve/CVE-2024-6988.html https://www.suse.com/security/cve/CVE-2024-6989.html https://www.suse.com/security/cve/CVE-2024-6990.html https://www.suse.com/security/cve/CVE-2024-6991.html https://www.suse.com/security/cve/CVE-2024-6992.html https://www.suse.com/security/cve/CVE-2024-6993.html https://www.suse.com/security/cve/CVE-2024-6994.html https://www.suse.com/security/cve/CVE-2024-6995.html https://www.suse.com/security/cve/CVE-2024-6996.html https://www.suse.com/security/cve/CVE-2024-6997.html https://www.suse.com/security/cve/CVE-2024-6998.html https://www.suse.com/security/cve/CVE-2024-6999.html https://www.suse.com/security/cve/CVE-2024-7000.html https://www.suse.com/security/cve/CVE-2024-7001.html https://www.suse.com/security/cve/CVE-2024-7003.html https://www.suse.com/security/cve/CVE-2024-7004.html https://www.suse.com/security/cve/CVE-2024-7005.html https://www.suse.com/security/cve/CVE-2024-7255.html https://www.suse.com/security/cve/CVE-2024-7256.html https://www.suse.com/security/cve/CVE-2024-7532.html https://www.suse.com/security/cve/CVE-2024-7533.html https://www.suse.com/security/cve/CVE-2024-7534.html https://www.suse.com/security/cve/CVE-2024-7535.html https://www.suse.com/security/cve/CVE-2024-7536.html https://www.suse.com/security/cve/CVE-2024-7550.html https://bugzilla.suse.com/1228628 https://bugzilla.suse.com/1228940 https://bugzilla.suse.com/1228941 https://bugzilla.suse.com/1228942


Severity
Announcement ID: openSUSE-SU-2024:0254-2
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6 .

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved