You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2152-1
Rating: important
References: #1150425
Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661
CVE-2019-13662 CVE-2019-13663 CVE-2019-13664
CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
CVE-2019-13668 CVE-2019-13669 CVE-2019-13670
CVE-2019-13671 CVE-2019-13673 CVE-2019-13674
CVE-2019-13675 CVE-2019-13676 CVE-2019-13677
CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
CVE-2019-5874 CVE-2019-5875 CVE-2019-5876
CVE-2019-5877 CVE-2019-5878 CVE-2019-5879
CVE-2019-5880 CVE-2019-5881
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.

Description:

This update for chromium to 77.0.3865.75 fixes the following issues:

Security issues fixed:

– CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
– CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
– CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
– CVE-2019-5874: Fixed a behavior that made external URIs trigger other
browsers. (boo#1150425)
– CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
– CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
– CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
– CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
– CVE-2019-5879: Fixed an extension issue that allowed the bypass of a
same origin policy. (boo#1150425)
– CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
– CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
– CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
– CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
– CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
– CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
– CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
– CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
– CVE-2019-13665: Fixed a multiple file download protection bypass.
(boo#1150425)
– CVE-2019-13666: Fixed a side channel weakness using storage size
estimate. (boo#1150425)
– CVE-2019-13667: Fixed a URI bar spoof when using external app URIs.
(boo#1150425)
– CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
– CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
– CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
– CVE-2019-13671: Fixed a dialog box that failed to show the origin.
(boo#1150425)
– CVE-2019-13673: Fixed a cross-origin information leak using devtools.
(boo#1150425)
– CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
– CVE-2019-13675: Fixed an error that allowed extensions to be disabled by
trailing slash. (boo#1150425)
– CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate
warnings. (boo#1150425)
– CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin.
(boo#1150425)
– CVE-2019-13678: Fixed a download dialog spoofing opportunity.
(boo#1150425)
– CVE-2019-13679: Fixed a the necessity of a user gesture for printing.
(boo#1150425)
– CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
– CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
– CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
– CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2152=1

Package List:

– openSUSE Leap 15.1 (x86_64):

chromedriver-77.0.3865.75-lp151.2.30.1
chromedriver-debuginfo-77.0.3865.75-lp151.2.30.1
chromium-77.0.3865.75-lp151.2.30.1
chromium-debuginfo-77.0.3865.75-lp151.2.30.1
chromium-debugsource-77.0.3865.75-lp151.2.30.1

References:

https://www.suse.com/security/cve/CVE-2019-13659.html
https://www.suse.com/security/cve/CVE-2019-13660.html
https://www.suse.com/security/cve/CVE-2019-13661.html
https://www.suse.com/security/cve/CVE-2019-13662.html
https://www.suse.com/security/cve/CVE-2019-13663.html
https://www.suse.com/security/cve/CVE-2019-13664.html
https://www.suse.com/security/cve/CVE-2019-13665.html
https://www.suse.com/security/cve/CVE-2019-13666.html
https://www.suse.com/security/cve/CVE-2019-13667.html
https://www.suse.com/security/cve/CVE-2019-13668.html
https://www.suse.com/security/cve/CVE-2019-13669.html
https://www.suse.com/security/cve/CVE-2019-13670.html
https://www.suse.com/security/cve/CVE-2019-13671.html
https://www.suse.com/security/cve/CVE-2019-13673.html
https://www.suse.com/security/cve/CVE-2019-13674.html
https://www.suse.com/security/cve/CVE-2019-13675.html
https://www.suse.com/security/cve/CVE-2019-13676.html
https://www.suse.com/security/cve/CVE-2019-13677.html
https://www.suse.com/security/cve/CVE-2019-13678.html
https://www.suse.com/security/cve/CVE-2019-13679.html
https://www.suse.com/security/cve/CVE-2019-13680.html
https://www.suse.com/security/cve/CVE-2019-13681.html
https://www.suse.com/security/cve/CVE-2019-13682.html
https://www.suse.com/security/cve/CVE-2019-13683.html
https://www.suse.com/security/cve/CVE-2019-5870.html
https://www.suse.com/security/cve/CVE-2019-5871.html
https://www.suse.com/security/cve/CVE-2019-5872.html
https://www.suse.com/security/cve/CVE-2019-5874.html
https://www.suse.com/security/cve/CVE-2019-5875.html
https://www.suse.com/security/cve/CVE-2019-5876.html
https://www.suse.com/security/cve/CVE-2019-5877.html
https://www.suse.com/security/cve/CVE-2019-5878.html
https://www.suse.com/security/cve/CVE-2019-5879.html
https://www.suse.com/security/cve/CVE-2019-5880.html
https://www.suse.com/security/cve/CVE-2019-5881.html
https://bugzilla.suse.com/1150425


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2153-1
Rating: important
References: #1150425
Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661
CVE-2019-13662 CVE-2019-13663 CVE-2019-13664
CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
CVE-2019-13668 CVE-2019-13669 CVE-2019-13670
CVE-2019-13671 CVE-2019-13673 CVE-2019-13674
CVE-2019-13675 CVE-2019-13676 CVE-2019-13677
CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
CVE-2019-5874 CVE-2019-5875 CVE-2019-5876
CVE-2019-5877 CVE-2019-5878 CVE-2019-5879
CVE-2019-5880 CVE-2019-5881
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Security issues fixed:

– CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
– CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
– CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
– CVE-2019-5874: Fixed a behavior that made external URIs trigger other
browsers. (boo#1150425)
– CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
– CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
– CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
– CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
– CVE-2019-5879: Fixed an extension issue that allowed the bypass of a
same origin policy. (boo#1150425)
– CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
– CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
– CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
– CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
– CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
– CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
– CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
– CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
– CVE-2019-13665: Fixed a multiple file download protection bypass.
(boo#1150425)
– CVE-2019-13666: Fixed a side channel weakness using storage size
estimate. (boo#1150425)
– CVE-2019-13667: Fixed a URI bar spoof when using external app URIs.
(boo#1150425)
– CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
– CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
– CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
– CVE-2019-13671: Fixed a dialog box that failed to show the origin.
(boo#1150425)
– CVE-2019-13673: Fixed a cross-origin information leak using devtools.
(boo#1150425)
– CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
– CVE-2019-13675: Fixed an error that allowed extensions to be disabled by
trailing slash. (boo#1150425)
– CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate
warnings. (boo#1150425)
– CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin.
(boo#1150425)
– CVE-2019-13678: Fixed a download dialog spoofing opportunity.
(boo#1150425)
– CVE-2019-13679: Fixed a the necessity of a user gesture for printing.
(boo#1150425)
– CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
– CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
– CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
– CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2153=1

Package List:

– openSUSE Leap 15.0 (x86_64):

chromedriver-77.0.3865.75-lp150.239.1
chromedriver-debuginfo-77.0.3865.75-lp150.239.1
chromium-77.0.3865.75-lp150.239.1
chromium-debuginfo-77.0.3865.75-lp150.239.1
chromium-debugsource-77.0.3865.75-lp150.239.1

References:

https://www.suse.com/security/cve/CVE-2019-13659.html
https://www.suse.com/security/cve/CVE-2019-13660.html
https://www.suse.com/security/cve/CVE-2019-13661.html
https://www.suse.com/security/cve/CVE-2019-13662.html
https://www.suse.com/security/cve/CVE-2019-13663.html
https://www.suse.com/security/cve/CVE-2019-13664.html
https://www.suse.com/security/cve/CVE-2019-13665.html
https://www.suse.com/security/cve/CVE-2019-13666.html
https://www.suse.com/security/cve/CVE-2019-13667.html
https://www.suse.com/security/cve/CVE-2019-13668.html
https://www.suse.com/security/cve/CVE-2019-13669.html
https://www.suse.com/security/cve/CVE-2019-13670.html
https://www.suse.com/security/cve/CVE-2019-13671.html
https://www.suse.com/security/cve/CVE-2019-13673.html
https://www.suse.com/security/cve/CVE-2019-13674.html
https://www.suse.com/security/cve/CVE-2019-13675.html
https://www.suse.com/security/cve/CVE-2019-13676.html
https://www.suse.com/security/cve/CVE-2019-13677.html
https://www.suse.com/security/cve/CVE-2019-13678.html
https://www.suse.com/security/cve/CVE-2019-13679.html
https://www.suse.com/security/cve/CVE-2019-13680.html
https://www.suse.com/security/cve/CVE-2019-13681.html
https://www.suse.com/security/cve/CVE-2019-13682.html
https://www.suse.com/security/cve/CVE-2019-13683.html
https://www.suse.com/security/cve/CVE-2019-5870.html
https://www.suse.com/security/cve/CVE-2019-5871.html
https://www.suse.com/security/cve/CVE-2019-5872.html
https://www.suse.com/security/cve/CVE-2019-5874.html
https://www.suse.com/security/cve/CVE-2019-5875.html
https://www.suse.com/security/cve/CVE-2019-5876.html
https://www.suse.com/security/cve/CVE-2019-5877.html
https://www.suse.com/security/cve/CVE-2019-5878.html
https://www.suse.com/security/cve/CVE-2019-5879.html
https://www.suse.com/security/cve/CVE-2019-5880.html
https://www.suse.com/security/cve/CVE-2019-5881.html
https://bugzilla.suse.com/1150425


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje se ažuriranje izdanim...

Close