You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0389-1
Rating: important
References: #1167090
Cross-References: CVE-2019-20503 CVE-2020-6422 CVE-2020-6424
CVE-2020-6425 CVE-2020-6426 CVE-2020-6427
CVE-2020-6428 CVE-2020-6429 CVE-2020-6449

Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for chromium to version 80.0.3987.149 fixes the following
issues:

Chromium was update to 80.0.3987.149 (bsc#1167090):

– CVE-2020-6422: Fixed a use after free in WebGL.
– CVE-2020-6424: Fixed a use after free in media.
– CVE-2020-6425: Fixed an insufficient policy enforcement in extensions.
– CVE-2020-6426: Fixed an inappropriate implementation in V8.
– CVE-2020-6427: Fixed a use after free in audio.
– CVE-2020-6428: Fixed a use after free in audio.
– CVE-2020-6429: Fixed a use after free in audio.
– CVE-2019-20503: Fixed an out of bounds read in usersctplib.
– CVE-2020-6449: Fixed a use after free in audio.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-389=1

Package List:

– openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-80.0.3987.149-bp151.3.63.3
chromium-80.0.3987.149-bp151.3.63.3

References:

https://www.suse.com/security/cve/CVE-2019-20503.html
https://www.suse.com/security/cve/CVE-2020-6422.html
https://www.suse.com/security/cve/CVE-2020-6424.html
https://www.suse.com/security/cve/CVE-2020-6425.html
https://www.suse.com/security/cve/CVE-2020-6426.html
https://www.suse.com/security/cve/CVE-2020-6427.html
https://www.suse.com/security/cve/CVE-2020-6428.html
https://www.suse.com/security/cve/CVE-2020-6429.html
https://www.suse.com/security/cve/CVE-2020-6449.html
https://bugzilla.suse.com/1167090


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close