openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1705-1
Rating: critical
References: #1177408
Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984
CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990
CVE-2020-15991 CVE-2020-15992 CVE-2020-6557
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 27 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
-chromium was updated to 86.0.4240.75 (boo#1177408):
– CVE-2020-15967: Fixed Use after free in payments.
– CVE-2020-15968: Fixed Use after free in Blink.
– CVE-2020-15969: Fixed Use after free in WebRTC.
– CVE-2020-15970: Fixed Use after free in NFC.
– CVE-2020-15971: Fixed Use after free in printing.
– CVE-2020-15972: Fixed Use after free in audio.
– CVE-2020-15990: Fixed Use after free in autofill.
– CVE-2020-15991: Fixed Use after free in password manager.
– CVE-2020-15973: Fixed Insufficient policy enforcement in extensions.
– CVE-2020-15974: Fixed Integer overflow in Blink.
– CVE-2020-15975: Fixed Integer overflow in SwiftShader.
– CVE-2020-15976: Fixed Use after free in WebXR.
– CVE-2020-6557: Fixed Inappropriate implementation in networking.
– CVE-2020-15977: Fixed Insufficient data validation in dialogs.
– CVE-2020-15978: Fixed Insufficient data validation in navigation.
– CVE-2020-15979: Fixed Inappropriate implementation in V8.
– CVE-2020-15980: Fixed Insufficient policy enforcement in Intents.
– CVE-2020-15981: Fixed Out of bounds read in audio.
– CVE-2020-15982: Fixed Side-channel information leakage in cache.
– CVE-2020-15983: Fixed Insufficient data validation in webUI.
– CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox.
– CVE-2020-15985: Fixed Inappropriate implementation in Blink.
– CVE-2020-15986: Fixed Integer overflow in media.
– CVE-2020-15987: Fixed Use after free in WebRTC.
– CVE-2020-15992: Fixed Insufficient policy enforcement in networking.
– CVE-2020-15988: Fixed Insufficient policy enforcement in downloads.
– CVE-2020-15989: Fixed Uninitialized Use in PDFium.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1705=1
– openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1705=1
Package List:
– openSUSE Leap 15.2 (x86_64):
chromedriver-86.0.4240.75-lp152.2.39.1
chromedriver-debuginfo-86.0.4240.75-lp152.2.39.1
chromium-86.0.4240.75-lp152.2.39.1
chromium-debuginfo-86.0.4240.75-lp152.2.39.1
gn-0.1807-lp152.2.3.1
gn-debuginfo-0.1807-lp152.2.3.1
gn-debugsource-0.1807-lp152.2.3.1
– openSUSE Leap 15.1 (x86_64):
chromedriver-86.0.4240.75-lp151.2.144.1
chromedriver-debuginfo-86.0.4240.75-lp151.2.144.1
chromium-86.0.4240.75-lp151.2.144.1
chromium-debuginfo-86.0.4240.75-lp151.2.144.1
gn-0.1807-lp151.2.6.1
gn-debuginfo-0.1807-lp151.2.6.1
gn-debugsource-0.1807-lp151.2.6.1
References:
https://protect2.fireeye.com/v1/url?k=94667583-c874c187-9461e84f-000babd90757-2cb70df1a7635e87&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15967.html
https://protect2.fireeye.com/v1/url?k=8bcb2b54-d7d99f50-8bccb698-000babd90757-4fc95672282886a4&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15968.html
https://protect2.fireeye.com/v1/url?k=fe47cc4c-a2557848-fe405180-000babd90757-ed9f16f8046c6375&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15969.html
https://protect2.fireeye.com/v1/url?k=98670316-c475b712-98609eda-000babd90757-f928d4b5bbd64e69&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15970.html
https://protect2.fireeye.com/v1/url?k=e1be4f83-bdacfb87-e1b9d24f-000babd90757-58b7225f5682a7ea&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15971.html
https://protect2.fireeye.com/v1/url?k=201b2d5e-7c09995a-201cb092-000babd90757-8b777b6708fdaded&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15972.html
https://protect2.fireeye.com/v1/url?k=a303cee7-ff117ae3-a304532b-000babd90757-b1a80f55b28c275d&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15973.html
https://protect2.fireeye.com/v1/url?k=b9a1ac97-e5b31893-b9a6315b-000babd90757-b8cf1d96e7d2d5ef&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15974.html
https://protect2.fireeye.com/v1/url?k=0ee17c8e-52f3c88a-0ee6e142-000babd90757-81e5f08ac575bf07&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15975.html
https://protect2.fireeye.com/v1/url?k=fd84e1d1-a19655d5-fd837c1d-000babd90757-72c75031aa860364&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15976.html
https://protect2.fireeye.com/v1/url?k=a03496f3-fc2622f7-a0330b3f-000babd90757-d5f6487f418b4c94&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15977.html
https://protect2.fireeye.com/v1/url?k=a872fcd7-f46048d3-a875611b-000babd90757-07a4d212f899cc20&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15978.html
https://protect2.fireeye.com/v1/url?k=7d92c23d-21807639-7d955ff1-000babd90757-9d582dac582eb6d2&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15979.html
https://protect2.fireeye.com/v1/url?k=f43150e8-a823e4ec-f436cd24-000babd90757-8b49b978fb9441b5&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15980.html
https://protect2.fireeye.com/v1/url?k=aba402c3-f7b6b6c7-aba39f0f-000babd90757-09ecd2cf47270462&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15981.html
https://protect2.fireeye.com/v1/url?k=b4101787-e802a383-b4178a4b-000babd90757-d0b2817bf2f31e49&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15982.html
https://protect2.fireeye.com/v1/url?k=00ede419-5cff501d-00ea79d5-000babd90757-68ff468573a180b8&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15983.html
https://protect2.fireeye.com/v1/url?k=6b8b7875-3799cc71-6b8ce5b9-000babd90757-38cd9a4a2236ef52&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15984.html
https://protect2.fireeye.com/v1/url?k=a138794f-fd2acd4b-a13fe483-000babd90757-c7ecbf58bc9d2be7&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15985.html
https://protect2.fireeye.com/v1/url?k=bba99490-e7bb2094-bbae095c-000babd90757-2d71d6945acfa6e8&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15986.html
https://protect2.fireeye.com/v1/url?k=f894662d-a486d229-f893fbe1-000babd90757-ab5ebdcbf5f0c76d&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15987.html
https://protect2.fireeye.com/v1/url?k=42a8cdd5-1eba79d1-42af5019-000babd90757-1483582db20ac419&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15988.html
https://protect2.fireeye.com/v1/url?k=e12caad9-bd3e1edd-e12b3715-000babd90757-413c2e6a84cfe423&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15989.html
https://protect2.fireeye.com/v1/url?k=45aa430a-19b8f70e-45addec6-000babd90757-713ace1f6b9700d9&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15990.html
https://protect2.fireeye.com/v1/url?k=26e8e922-7afa5d26-26ef74ee-000babd90757-74520618d7851dbd&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15991.html
https://protect2.fireeye.com/v1/url?k=3d18f5d9-610a41dd-3d1f6815-000babd90757-3193056288c05938&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-15992.html
https://protect2.fireeye.com/v1/url?k=6c8ba7e4-309913e0-6c8c3a28-000babd90757-c5282ab7176acbb8&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-6557.html
https://protect2.fireeye.com/v1/url?k=f2674f88-ae75fb8c-f260d244-000babd90757-96337290848e32c5&q=1&e=641bb76a-b9e5-4615-978b-fedbab85a6a9&u=https%3A%2F%2Fbugzilla.suse.com%2F1177408
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org