
Security vulnerabilities in the chromium and gn software packages

openSUSE Security Update: Security update for chromium, gn
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1829-1
Rating: important
References: #1177408 #1177936 #1178375
Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984
CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990
CVE-2020-15991 CVE-2020-15992 CVE-2020-15999
CVE-2020-16000 CVE-2020-16001 CVE-2020-16002
CVE-2020-16003 CVE-2020-16004 CVE-2020-16005
CVE-2020-16006 CVE-2020-16007 CVE-2020-16008
CVE-2020-16009 CVE-2020-16011 CVE-2020-6557

Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that fixes 39 vulnerabilities is now available.

Description:

This update for chromium, gn fixes the following issues:

chromium was updated to 86.0.4240.183 boo#1178375

– CVE-2020-16004: Use after free in user interface.
– CVE-2020-16005: Insufficient policy enforcement in ANGLE.
– CVE-2020-16006: Inappropriate implementation in V8.
– CVE-2020-16007: Insufficient data validation in installer.
– CVE-2020-16008: Stack buffer overflow in WebRTC.
– CVE-2020-16009: Inappropriate implementation in V8.
– CVE-2020-16011: Heap buffer overflow in UI on Windows.

Update to 86.0.4240.111 boo#1177936

– CVE-2020-16000: Inappropriate implementation in Blink.
– CVE-2020-16001: Use after free in media.
– CVE-2020-16002: Use after free in PDFium.
– CVE-2020-15999: Heap buffer overflow in Freetype.
– CVE-2020-16003: Use after free in printing.

– chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and
15.2

– Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone
else than me)

– Fix cookiemonster:

Update to 86.0.4240.75 boo#1177408:

* CVE-2020-15967: Use after free in payments.
* CVE-2020-15968: Use after free in Blink.
* CVE-2020-15969: Use after free in WebRTC.
* CVE-2020-15970: Use after free in NFC.
* CVE-2020-15971: Use after free in printing.
* CVE-2020-15972: Use after free in audio.
* CVE-2020-15990: Use after free in autofill.
* CVE-2020-15991: Use after free in password manager.
* CVE-2020-15973: Insufficient policy enforcement in extensions.
* CVE-2020-15974: Integer overflow in Blink.
* CVE-2020-15975: Integer overflow in SwiftShader.
* CVE-2020-15976: Use after free in WebXR.
* CVE-2020-6557: Inappropriate implementation in networking.
* CVE-2020-15977: Insufficient data validation in dialogs.
* CVE-2020-15978: Insufficient data validation in navigation.
* CVE-2020-15979: Inappropriate implementation in V8.
* CVE-2020-15980: Insufficient policy enforcement in Intents.
* CVE-2020-15981: Out of bounds read in audio.
* CVE-2020-15982: Side-channel information leakage in cache.
* CVE-2020-15983: Insufficient data validation in webUI.
* CVE-2020-15984: Insufficient policy enforcement in Omnibox.
* CVE-2020-15985: Inappropriate implementation in Blink.
* CVE-2020-15986: Integer overflow in media.
* CVE-2020-15987: Use after free in WebRTC.
* CVE-2020-15992: Insufficient policy enforcement in networking.
* CVE-2020-15988: Insufficient policy enforcement in downloads.
* CVE-2020-15989: Uninitialized Use in PDFium.

– gn: Update to 0.1807:

* no upstream changelog

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1829=1

Package List:

– openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

gn-0.1807-bp152.2.3.4
gn-debuginfo-0.1807-bp152.2.3.4
gn-debugsource-0.1807-bp152.2.3.4

– openSUSE Backports SLE-15-SP2 (aarch64 x86_64):

chromedriver-86.0.4240.183-bp152.2.26.1
chromium-86.0.4240.183-bp152.2.26.1
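
To confirm that the update is in place, the installed versions can be compared with the Package List above. The script below is an added example, not part of the openSUSE announcement; the function names, the use of GNU `sort -V` as a stand-in for rpm's own version comparison, and the release string in the sample input are assumptions.

```shell
#!/bin/sh
# Fixed versions, copied from the advisory's Package List.
FIXED="gn 0.1807-bp152.2.3.4
chromedriver 86.0.4240.183-bp152.2.26.1
chromium 86.0.4240.183-bp152.2.26.1"

# Constructed sample input: chromium still at the 86.0.4240.75 level
# (the release suffix is made up for the example), gn already updated.
SAMPLE="chromium 86.0.4240.75-bp152.2.20.1
gn 0.1807-bp152.2.3.4"

# version_ge A B: succeed when A >= B under GNU `sort -V` ordering.
# Assumption: this approximates rpm's comparison closely enough for
# the version-release strings used in this advisory.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_fixed: read "name version-release" lines on stdin, report each
# package named in the advisory, return 1 if any is below the fixed version.
# Lines for other packages (or rpm's "package X is not installed") are skipped.
check_fixed() {
    rc=0
    while read -r name ver; do
        want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n {print $2}')
        [ -n "$want" ] || continue
        if version_ge "$ver" "$want"; then
            echo "OK       $name $ver"
        else
            echo "OUTDATED $name $ver (fixed in $want)"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample. On a live system, feed it from rpm instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' chromium chromedriver gn | check_fixed
printf '%s\n' "$SAMPLE" | check_fixed || true
```
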

References:

https://www.suse.com/security/cve/CVE-2020-15967.html
https://www.suse.com/security/cve/CVE-2020-15968.html
https://www.suse.com/security/cve/CVE-2020-15969.html
https://www.suse.com/security/cve/CVE-2020-15970.html
https://www.suse.com/security/cve/CVE-2020-15971.html
https://www.suse.com/security/cve/CVE-2020-15972.html
https://www.suse.com/security/cve/CVE-2020-15973.html
https://www.suse.com/security/cve/CVE-2020-15974.html
https://www.suse.com/security/cve/CVE-2020-15975.html
https://www.suse.com/security/cve/CVE-2020-15976.html
https://www.suse.com/security/cve/CVE-2020-15977.html
https://www.suse.com/security/cve/CVE-2020-15978.html
https://www.suse.com/security/cve/CVE-2020-15979.html
https://www.suse.com/security/cve/CVE-2020-15980.html
https://www.suse.com/security/cve/CVE-2020-15981.html
https://www.suse.com/security/cve/CVE-2020-15982.html
https://www.suse.com/security/cve/CVE-2020-15983.html
https://www.suse.com/security/cve/CVE-2020-15984.html
https://www.suse.com/security/cve/CVE-2020-15985.html
https://www.suse.com/security/cve/CVE-2020-15986.html
https://www.suse.com/security/cve/CVE-2020-15987.html
https://www.suse.com/security/cve/CVE-2020-15988.html
https://www.suse.com/security/cve/CVE-2020-15989.html
https://www.suse.com/security/cve/CVE-2020-15990.html
https://www.suse.com/security/cve/CVE-2020-15991.html
https://www.suse.com/security/cve/CVE-2020-15992.html
https://www.suse.com/security/cve/CVE-2020-15999.html
https://www.suse.com/security/cve/CVE-2020-16000.html
https://www.suse.com/security/cve/CVE-2020-16001.html
https://www.suse.com/security/cve/CVE-2020-16002.html
https://www.suse.com/security/cve/CVE-2020-16003.html
https://www.suse.com/security/cve/CVE-2020-16004.html
https://www.suse.com/security/cve/CVE-2020-16005.html
https://www.suse.com/security/cve/CVE-2020-16006.html
https://www.suse.com/security/cve/CVE-2020-16007.html
https://www.suse.com/security/cve/CVE-2020-16008.html
https://www.suse.com/security/cve/CVE-2020-16009.html
https://www.suse.com/security/cve/CVE-2020-16011.html
https://www.suse.com/security/cve/CVE-2020-6557.html
https://bugzilla.suse.com/1177408
https://bugzilla.suse.com/1177936
https://bugzilla.suse.com/1178375

