Bugzilla – Bug 1211843
VUL-0: chromium: multiple security issues fixed in 114.0.5735.90
Last modified: 2023-06-09 17:54:27 UTC
Fixed in Chromium 114.0.5735.90:

- CVE-2023-2929: Out of bounds write in Swiftshader
- CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
- CVE-2023-2931: Use after free in PDF
- CVE-2023-2932: Use after free in PDF
- CVE-2023-2933: Use after free in PDF
- CVE-2023-2934: Out of bounds memory access in Mojo
- CVE-2023-2935: Type Confusion in V8
- CVE-2023-2936: Type Confusion in V8
- CVE-2023-2937: Inappropriate implementation in Picture In Picture
- CVE-2023-2938: Inappropriate implementation in Picture In Picture
- CVE-2023-2939: Insufficient data validation in Installer
- CVE-2023-2940: Inappropriate implementation in Downloads
- CVE-2023-2941: Inappropriate implementation in Extensions API

https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
https://build.opensuse.org/package/show/network:chromium/chromium-beta

[ 289s] ERROR at //build/config/rust.gni:143:22: Script returned non-zero exit code.
[ 289s] rustc_revision = exec_script("//tools/rust/update_rust.py",
[ 289s] ^----------
[ 289s] Current dir: /home/abuild/rpmbuild/BUILD/chromium-114.0.5735.90/out/
[ 289s] Command: python3 /home/abuild/rpmbuild/BUILD/chromium-114.0.5735.90/tools/rust/update_rust.py --print-package-version
[ 289s] Returned 1 and printed out:
[ 289s]
[ 289s] The expected Rust version is 17c11672167827b0dd92c88ef69f24346d1286dd-1-llvmorg-17-init-8029-g27f27d15-3 (or fallback 17c11672167827b0dd92c88ef69f24346d1286dd-1-llvmorg-17-init-8029-g27f27d15-1 but the actual version is None
[ 289s] Did you run "gclient sync"?
[ 289s]
[ 289s] See //BUILD.gn:17:1: whence it was imported.
[ 289s] import("//build/config/rust.gni")
[ 289s] ^-------------------------------
⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)

15.5/TW ready soon
(In reply to Callum Farmer from comment #2)
> ⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)
>
> 15.5/TW ready soon

CC'ing libva maint
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1090770 Factory / chromium
https://build.opensuse.org/request/show/1090771 Backports:SLE-15-SP5 / chromium
(In reply to Callum Farmer from comment #2)
> ⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)

This seems relevant...
https://src.fedoraproject.org/rpms/chromium/blob/rawhide/f/chromium-114-revert-av1enc-el9.patch
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1091054 Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1091143 Backports:SLE-15-SP4 / chromium
Submitted
openSUSE-SU-2023:0124-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1211843,1212044
CVE References: CVE-2023-2929,CVE-2023-2930,CVE-2023-2931,CVE-2023-2932,CVE-2023-2933,CVE-2023-2934,CVE-2023-2935,CVE-2023-2936,CVE-2023-2937,CVE-2023-2938,CVE-2023-2939,CVE-2023-2940,CVE-2023-2941,CVE-2023-3079
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): chromium-114.0.5735.106-bp154.2.90.1
Done