nodejs-electron-31.7.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14425-1 Final 1 1 2024-10-25T00:00:00Z current 2024-10-25T00:00:00Z 2024-10-25T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z nodejs-electron-31.7.2-1.1 on GA media These are all security issues fixed in the nodejs-electron-31.7.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14425 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ E-Mail link for openSUSE-SU-2024:14425-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-7025/ SUSE CVE CVE-2024-7025 page https://www.suse.com/security/cve/CVE-2024-7965/ SUSE CVE CVE-2024-7965 page https://www.suse.com/security/cve/CVE-2024-8198/ SUSE CVE CVE-2024-8198 page https://www.suse.com/security/cve/CVE-2024-8362/ SUSE CVE CVE-2024-8362 page https://www.suse.com/security/cve/CVE-2024-8636/ SUSE CVE CVE-2024-8636 page https://www.suse.com/security/cve/CVE-2024-9121/ SUSE CVE CVE-2024-9121 page https://www.suse.com/security/cve/CVE-2024-9123/ SUSE CVE CVE-2024-9123 page openSUSE Tumbleweed nodejs-electron-31.7.2-1.1 nodejs-electron-devel-31.7.2-1.1 nodejs-electron-doc-31.7.2-1.1 nodejs-electron-31.7.2-1.1 as a component of openSUSE Tumbleweed nodejs-electron-devel-31.7.2-1.1 as a component of openSUSE Tumbleweed nodejs-electron-doc-31.7.2-1.1 as a component of openSUSE Tumbleweed Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7025 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-7025.html CVE-2024-7025 https://bugzilla.suse.com/1231232 SUSE Bug 1231232 Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7965 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-7965.html CVE-2024-7965 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-8198 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-8198.html CVE-2024-8198 https://bugzilla.suse.com/1229897 SUSE Bug 1229897 Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-8362 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-8362.html CVE-2024-8362 https://bugzilla.suse.com/1230108 SUSE Bug 1230108 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-8636 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-8636.html CVE-2024-8636 https://bugzilla.suse.com/1230391 SUSE Bug 1230391 Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-9121 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-9121.html CVE-2024-9121 https://bugzilla.suse.com/1230964 SUSE Bug 1230964 Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE-2024-9123 openSUSE Tumbleweed:nodejs-electron-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-devel-31.7.2-1.1 openSUSE Tumbleweed:nodejs-electron-doc-31.7.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ https://www.suse.com/security/cve/CVE-2024-9123.html CVE-2024-9123 https://bugzilla.suse.com/1230964 SUSE Bug 1230964