SUSE Package Hub - openSUSE-2024-254

Update Info

openSUSE-2024-254

Security update for chromium, gn, rust-bindgen

Type: security

Severity: important

Issued: 2024-08-19

Description:

This update for chromium, gn, rust-bindgen fixes the following issues:

- Chromium 127.0.6533.119 (boo#1228941)

  * CVE-2024-7532: Out of bounds memory access in ANGLE
  * CVE-2024-7533: Use after free in Sharing
  * CVE-2024-7550: Type Confusion in V8
  * CVE-2024-7534: Heap buffer overflow in Layout
  * CVE-2024-7535: Inappropriate implementation in V8
  * CVE-2024-7536: Use after free in WebAudio

- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)

  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input
    in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input
    in Safe Browsing
  * CVE-2024-6990: Uninitialized Use in Dawn
  * CVE-2024-7255: Out of bounds read in WebTransport
  * CVE-2024-7256: Insufficient data validation in Dawn

gh:

- Update to version 0.20240730:
  * Rust: link_output, depend_output and runtime_outputs for dylibs
  * Add missing reference section to function_toolchain.cc
  * Do not cleanup args.gn imports located in the output directory.
  * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
  * Do not add native dependencies to the library search path
  * Support linking frameworks and swiftmodules in Rust targets
  * [desc] Silence print() statements when outputing json
  * infra: Move CI/try builds to Ubuntu-22.04
  * [MinGW] Fix mingw building issues
  * [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
  * [template] Fix "rule alink_thin" in the //build/build_linux.ninja.template
  * Allow multiple --ide switches
  * [src] Add "#include <limits>" in the //src/base/files/file_enumerator_win.cc
  * Get updates to infra/recipes.py from upstream
  * Revert "Teach gn to handle systems with > 64 processors"
  * [apple] Rename the code-signing properties of create_bundle
  * Fix a typo in "gn help refs" output
  * Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
  * [bundle] Use "phony" builtin tool for create_bundle targets
  * [ios] Simplify handling of assets catalog
  * [swift] List all outputs as deps of "source_set" stamp file
  * [swift] Update `gn check ...` to consider the generated header
  * [swift] Set `restat = 1` to swift build rules
  * Fix build with gcc12
  * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()
  * [swift] Remove problematic use of "stamp" tool
  * Implement new --ninja-outputs-file option.
  * Add NinjaOutputsWriter class
  * Move InvokePython() function to its own source file.
  * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
  * Enable C++ runtime assertions in debug mode.
  * Fix regression in MakeRelativePath()
  * fix: Fix Windows MakeRelativePath.
  * Add long path support for windows
  * Ensure read_file() files are considered by "gn analyze"
  * apply 2to3 to for some Python scripts
  * Add rustflags to desc and help output
  * strings: support case insensitive check only in StartsWith/EndsWith
  * add .git-blame-ignore-revs
  * use std::{string,string_view}::{starts_with,ends_with}
  * apply clang-format to all C++ sources
  * add forward declaration in rust_values.h
  * Add `root_patterns` list to build configuration.
  * Use c++20 in GN build
  * update windows sdk to 2024-01-11
  * update windows sdk
  * Add linux-riscv64.
  * Update OWNERS list.
  * remove unused function
  * Ignore build warning -Werror=redundant-move
  * Fix --as=buildfile `gn desc deps` output.
  * Update recipe engine to 9dea1246.
  * treewide: Fix spelling mistakes

Added rust-bindgen:

- Version 0.69.1

References

CVE: CVE-2024-7550
CVE: CVE-2024-7536
CVE: CVE-2024-7535
CVE: CVE-2024-7534
CVE: CVE-2024-7533
CVE: CVE-2024-7532
CVE: CVE-2024-7256
CVE: CVE-2024-7255
CVE: CVE-2024-7005
CVE: CVE-2024-7004
CVE: CVE-2024-7003
CVE: CVE-2024-7001
CVE: CVE-2024-7000
CVE: CVE-2024-6999
CVE: CVE-2024-6998
CVE: CVE-2024-6997
CVE: CVE-2024-6996
CVE: CVE-2024-6995
CVE: CVE-2024-6994
CVE: CVE-2024-6993
CVE: CVE-2024-6992
CVE: CVE-2024-6991
CVE: CVE-2024-6990
CVE: CVE-2024-6989
CVE: CVE-2024-6988
Bugzilla: 1228942 VUL-0: chromium: multiple vulnerabilities fixed in 127.0.6533.72
Bugzilla: 1228941 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 127.0.6533.99
Bugzilla: 1228940 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 127.0.6533.72
Bugzilla: 1228628 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 127.0.6533.88

Packages

chromium-127.0.6533.119-bp156.2.14.1

gn-0.20240730-bp156.2.3.1

rust-bindgen-0.69.1-bp156.2.1