Bug 2118946
Summary: | CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 chromium: various flaws [fedora-all] | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | TEJ RATHI <trathi> |
Component: | chromium | Assignee: | Tom "spot" Callaway <spotrh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | | |
Version: | 36 | CC: | rune.bugs, spotrh, tpopela, yaneti |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | chromium-105.0.5195.125-2.fc37 chromium-105.0.5195.125-2.fc36 chromium-105.0.5195.125-2.fc35 | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-10-03 00:18:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 2118934, 2118935, 2118936, 2118937, 2118938, 2118939, 2118941, 2118942, 2118943, 2118944 | | |
Description
TEJ RATHI
2022-08-17 07:51:39 UTC
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=urgent

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=2118934,2118935,2118936,2118937,2118938,2118939,2118941,2118942,2118943,2118944,2118946

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

This seems very important. Actively exploited CVEs.

Packages for all architectures are blocked because one architecture is failing, I wonder if there's a way to release the architectures that work.

It is failing in the build for all build targets for aarch64 with

```
[headless_shell:35652/36283] g++ -MMD -MF obj/v8/v8_base_without_compiler/objects.o.d -DUSE_AURA=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DV8_TYPED_ARRAY_MAX_SIZE_IN_HEAP=64 -DV8_INTL_SUPPORT -DV8_ATOMIC_OBJECT_FIELD_WRITES -DV8_ENABLE_LAZY_SOURCE_POSITIONS -DV8_SHARED_RO_HEAP -DV8_WIN64_UNWINDING_INFO -DV8_ENABLE_REGEXP_INTERPRETER_THREADED_DISPATCH -DV8_ENABLE_CONTROL_FLOW_INTEGRITY -DV8_EXTERNAL_CODE_SPACE -DV8_ENABLE_WEBASSEMBLY -DV8_ALLOCATION_FOLDING -DV8_ALLOCATION_SITE_TRACKING -DV8_ADVANCED_BIGINT_ALGORITHMS -DV8_COMPRESS_POINTERS -DV8_COMPRESS_POINTERS_IN_SHARED_CAGE -DV8_31BIT_SMIS_ON_64BIT_ARCH -DV8_ENABLE_SANDBOX -DV8_SANDBOXED_POINTERS -DV8_DEPRECATION_WARNINGS -DCPPGC_CAGED_HEAP -DCPPGC_YOUNG_GENERATION -DV8_TARGET_ARCH_ARM64 -DV8_HAVE_TARGET_OS -DV8_TARGET_OS_LINUX -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DUSE_CHROMIUM_ICU=1 -DU_ENABLE_TRACING=1 -DU_ENABLE_RESOURCE_TRACING=0 -DU_STATIC_IMPLEMENTATION -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC -DUSE_SYSTEM_ZLIB=1 -I../.. -Igen -I../../v8 -I../../v8/include -Igen/v8 -Igen/v8/include -Igen/shim_headers/zlib_shim -I../../third_party/icu/source/common -I../../third_party/icu/source/i18n -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -Wno-comments -Wno-packed-not-aligned -Wno-missing-field-initializers -Wno-unused-parameter -fno-ident -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -mbranch-protection=pac-ret -fno-omit-frame-pointer -gdwarf-4 -g0 -gsplit-dwarf -fvisibility=hidden -mbranch-protection=pac-ret -Wno-strict-overflow -Wno-return-type -Wno-int-in-bool-context -O3 -fdata-sections -ffunction-sections -flax-vector-conversions -Wno-narrowing -Wno-class-memaccess -std=gnu++17 -fno-aligned-new -fno-exceptions -fno-rtti -fvisibility-inlines-hidden -c ../../v8/src/objects/objects.cc -o obj/v8/v8_base_without_compiler/objects.o
In file included from ../../v8/src/handles/handles-inl.h:10,
                 from ../../v8/src/api/api-inl.h:13,
                 from ../../v8/src/api/api-arguments-inl.h:9,
                 from ../../v8/src/objects/objects.cc:13:
../../v8/src/execution/local-isolate.h: In member function 'void v8::internal::LocalIsolate::FatalProcessOutOfHeapMemory(const char*)':
../../v8/src/execution/local-isolate.h:102:3: warning: 'noreturn' function does return
  102 |   }
```

https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html

> Google is aware that an exploit for CVE-2022-2856 exists in the wild.

FEDORA-2022-3ca063941b has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b

FEDORA-2022-3f28aa88cf has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f28aa88cf

FEDORA-2022-b49c9bc07a has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b49c9bc07a

FEDORA-2022-3ca063941b has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-3ca063941b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-3f28aa88cf has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-3f28aa88cf`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f28aa88cf
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-b49c9bc07a has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-b49c9bc07a`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b49c9bc07a
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-3f28aa88cf has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2022-b49c9bc07a has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2022-3ca063941b has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.