openSUSE-SU-2024:0254-2
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0254-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0254-2
- Upstream
- Related
- Published
- 2024-08-18T22:20:17Z
- Modified
- 2025-05-07T18:16:30.426515Z
- Summary
- Security update for chromium, gn, rust-bindgen
- Details
-
This update for chromium, gn, rust-bindgen fixes the following issues:
Chromium 127.0.6533.119 (boo#1228941)
- CVE-2024-7532: Out of bounds memory access in ANGLE
- CVE-2024-7533: Use after free in Sharing
- CVE-2024-7550: Type Confusion in V8
- CVE-2024-7534: Heap buffer overflow in Layout
- CVE-2024-7535: Inappropriate implementation in V8
- CVE-2024-7536: Use after free in WebAudio
Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
- CVE-2024-6988: Use after free in Downloads
- CVE-2024-6989: Use after free in Loader
- CVE-2024-6991: Use after free in Dawn
- CVE-2024-6992: Out of bounds memory access in ANGLE
- CVE-2024-6993: Inappropriate implementation in Canvas
- CVE-2024-6994: Heap buffer overflow in Layout
- CVE-2024-6995: Inappropriate implementation in Fullscreen
- CVE-2024-6996: Race in Frames
- CVE-2024-6997: Use after free in Tabs
- CVE-2024-6998: Use after free in User Education
- CVE-2024-6999: Inappropriate implementation in FedCM
- CVE-2024-7000: Use after free in CSS. Reported by Anonymous
- CVE-2024-7001: Inappropriate implementation in HTML
- CVE-2024-7003: Inappropriate implementation in FedCM
- CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
- CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
- CVE-2024-6990: Uninitialized Use in Dawn
- CVE-2024-7255: Out of bounds read in WebTransport
- CVE-2024-7256: Insufficient data validation in Dawn
gh:
- Update to version 0.20240730:
- Rust: linkoutput, dependoutput and runtimeoutputs for dylibs
- Add missing reference section to functiontoolchain.cc
- Do not cleanup args.gn imports located in the output directory.
- Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
- Do not add native dependencies to the library search path
- Support linking frameworks and swiftmodules in Rust targets
- [desc] Silence print() statements when outputing json
- infra: Move CI/try builds to Ubuntu-22.04
- [MinGW] Fix mingw building issues
- [gn] Fix 'link' in the //examples/simplebuild/build/toolchain/BUILD.gn
- [template] Fix 'rule alinkthin' in the //build/buildlinux.ninja.template
- Allow multiple --ide switches
- [src] Add '#include <limits>' in the //src/base/files/fileenumeratorwin.cc
- Get updates to infra/recipes.py from upstream
- Revert 'Teach gn to handle systems with > 64 processors'
- [apple] Rename the code-signing properties of createbundle
- Fix a typo in 'gn help refs' output
- Revert '[bundle] Use 'phony' builtin tool for createbundle targets'
- [bundle] Use 'phony' builtin tool for createbundle targets
- [ios] Simplify handling of assets catalog
- [swift] List all outputs as deps of 'sourceset' stamp file
- [swift] Update
gn check ...to consider the generated header - [swift] Set
restat = 1to swift build rules - Fix build with gcc12
- [labelmatches] Add new functions labelmatches(), filterlabelsinclude() and filterlabelsexclude()
- [swift] Remove problematic use of 'stamp' tool
- Implement new --ninja-outputs-file option.
- Add NinjaOutputsWriter class
- Move InvokePython() function to its own source file.
- zos: build with -DZOSLIBOVERRIDECLIB to override creat
- Enable C++ runtime assertions in debug mode.
- Fix regression in MakeRelativePath()
- fix: Fix Windows MakeRelativePath.
- Add long path support for windows
- Ensure readfile() files are considered by 'gn analyze'
- apply 2to3 to for some Python scripts
- Add rustflags to desc and help output
- strings: support case insensitive check only in StartsWith/EndsWith
- add .git-blame-ignore-revs
- use std::{string,stringview}::{startswith,endswith}
- apply clang-format to all C++ sources
- add forward declaration in rustvalues.h
- Add
root_patternslist to build configuration. - Use c++20 in GN build
- update windows sdk to 2024-01-11
- update windows sdk
- Add linux-riscv64.
- Update OWNERS list.
- remove unused function
- Ignore build warning -Werror=redundant-move
- Fix --as=buildfile
gn desc depsoutput. - Update recipe engine to 9dea1246.
- treewide: Fix spelling mistakes
Added rust-bindgen:
- Version 0.69.1
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KC4DDO3O7C7P2VVA7A7WIO5RVISNZ3HV/
- https://bugzilla.suse.com/1228628
- https://bugzilla.suse.com/1228940
- https://bugzilla.suse.com/1228941
- https://bugzilla.suse.com/1228942
- https://www.suse.com/security/cve/CVE-2024-6988
- https://www.suse.com/security/cve/CVE-2024-6989
- https://www.suse.com/security/cve/CVE-2024-6990
- https://www.suse.com/security/cve/CVE-2024-6991
- https://www.suse.com/security/cve/CVE-2024-6992
- https://www.suse.com/security/cve/CVE-2024-6993
- https://www.suse.com/security/cve/CVE-2024-6994
- https://www.suse.com/security/cve/CVE-2024-6995
- https://www.suse.com/security/cve/CVE-2024-6996
- https://www.suse.com/security/cve/CVE-2024-6997
- https://www.suse.com/security/cve/CVE-2024-6998
- https://www.suse.com/security/cve/CVE-2024-6999
- https://www.suse.com/security/cve/CVE-2024-7000
- https://www.suse.com/security/cve/CVE-2024-7001
- https://www.suse.com/security/cve/CVE-2024-7003
- https://www.suse.com/security/cve/CVE-2024-7004
- https://www.suse.com/security/cve/CVE-2024-7005
- https://www.suse.com/security/cve/CVE-2024-7255
- https://www.suse.com/security/cve/CVE-2024-7256
- https://www.suse.com/security/cve/CVE-2024-7532
- https://www.suse.com/security/cve/CVE-2024-7533
- https://www.suse.com/security/cve/CVE-2024-7534
- https://www.suse.com/security/cve/CVE-2024-7535
- https://www.suse.com/security/cve/CVE-2024-7536
- https://www.suse.com/security/cve/CVE-2024-7550