You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1666-1
Rating: important
References: #1129059 #1133313 #1134218 #1137332 #1138287

Cross-References: CVE-2019-5787 CVE-2019-5788 CVE-2019-5789
CVE-2019-5790 CVE-2019-5791 CVE-2019-5792
CVE-2019-5793 CVE-2019-5794 CVE-2019-5795
CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
CVE-2019-5799 CVE-2019-5800 CVE-2019-5801
CVE-2019-5802 CVE-2019-5803 CVE-2019-5804
CVE-2019-5805 CVE-2019-5806 CVE-2019-5807
CVE-2019-5808 CVE-2019-5809 CVE-2019-5810
CVE-2019-5811 CVE-2019-5812 CVE-2019-5813
CVE-2019-5814 CVE-2019-5815 CVE-2019-5816
CVE-2019-5817 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822
CVE-2019-5823 CVE-2019-5824 CVE-2019-5827
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830
CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839
CVE-2019-5840 CVE-2019-5842
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.1
openSUSE Leap 15.0
openSUSE Backports SLE-15
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 53 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287):

* CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332:

* CVE-2019-5828: Use after free in ServiceWorker
* CVE-2019-5829: Use after free in Download Manager
* CVE-2019-5830: Incorrectly credentialed requests in CORS
* CVE-2019-5831: Incorrect map processing in V8
* CVE-2019-5832: Incorrect CORS handling in XHR
* CVE-2019-5833: Inconsistent security UI placemen
* CVE-2019-5835: Out of bounds read in Swiftshader
* CVE-2019-5836: Heap buffer overflow in Angle
* CVE-2019-5837: Cross-origin resources size disclosure in Appcache
* CVE-2019-5838: Overly permissive tab access in Extensions
* CVE-2019-5839: Incorrect handling of certain code points in Blink
* CVE-2019-5840: Popup blocker bypass
* Various fixes from internal audits, fuzzing and other initiatives
* CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169:

* Feature fixes update only

Update to 74.0.3729.157:

* Various security fixes from internal audits, fuzzing and other
initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218):

* CVE-2019-5827: Out-of-bounds access in SQLite
* CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313:

* CVE-2019-5805: Use after free in PDFium
* CVE-2019-5806: Integer overflow in Angle
* CVE-2019-5807: Memory corruption in V8
* CVE-2019-5808: Use after free in Blink
* CVE-2019-5809: Use after free in Blink
* CVE-2019-5810: User information disclosure in Autofill
* CVE-2019-5811: CORS bypass in Blink
* CVE-2019-5813: Out of bounds read in V8
* CVE-2019-5814: CORS bypass in Blink
* CVE-2019-5815: Heap buffer overflow in Blink
* CVE-2019-5818: Uninitialized value in media reader
* CVE-2019-5819: Incorrect escaping in developer tools
* CVE-2019-5820: Integer overflow in PDFium
* CVE-2019-5821: Integer overflow in PDFium
* CVE-2019-5822: CORS bypass in download manager
* CVE-2019-5823: Forced navigation from service worker
* CVE-2019-5812: URL spoof in Omnibox on iOS
* CVE-2019-5816: Exploit persistence extension on Android
* CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103:
* Various feature fixes

Update to 73.0.3683.86:

* Just feature fixes around

– Update conditions to use system harfbuzz on TW+
– Require java during build
– Enable using pipewire when available
– Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059:

* CVE-2019-5787: Use after free in Canvas.
* CVE-2019-5788: Use after free in FileAPI.
* CVE-2019-5789: Use after free in WebMIDI.
* CVE-2019-5790: Heap buffer overflow in V8.
* CVE-2019-5791: Type confusion in V8.
* CVE-2019-5792: Integer overflow in PDFium.
* CVE-2019-5793: Excessive permissions for private API in Extensions.
* CVE-2019-5794: Security UI spoofing.
* CVE-2019-5795: Integer overflow in PDFium.
* CVE-2019-5796: Race condition in Extensions.
* CVE-2019-5797: Race condition in DOMStorage.
* CVE-2019-5798: Out of bounds read in Skia.
* CVE-2019-5799: CSP bypass with blob URL.
* CVE-2019-5800: CSP bypass with blob URL.
* CVE-2019-5801: Incorrect Omnibox display on iOS.
* CVE-2019-5802: Security UI spoofing.
* CVE-2019-5803: CSP bypass with Javascript URLs’.
* CVE-2019-5804: Command line command injection on Windows.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1666=1

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1666=1

Package List:

– openSUSE Leap 42.3 (x86_64):

chromedriver-75.0.3770.90-217.1
chromedriver-debuginfo-75.0.3770.90-217.1
chromium-75.0.3770.90-217.1
chromium-debuginfo-75.0.3770.90-217.1
chromium-debugsource-75.0.3770.90-217.1

– openSUSE Leap 15.1 (x86_64):

chromedriver-75.0.3770.90-lp151.2.9.3
chromedriver-debuginfo-75.0.3770.90-lp151.2.9.3
chromium-75.0.3770.90-lp151.2.9.3
chromium-debuginfo-75.0.3770.90-lp151.2.9.3
chromium-debugsource-75.0.3770.90-lp151.2.9.3

– openSUSE Leap 15.0 (x86_64):

chromedriver-75.0.3770.90-lp150.218.4
chromedriver-debuginfo-75.0.3770.90-lp150.218.4
chromium-75.0.3770.90-lp150.218.4
chromium-debuginfo-75.0.3770.90-lp150.218.4
chromium-debugsource-75.0.3770.90-lp150.218.4

– openSUSE Backports SLE-15 (aarch64 x86_64):

chromedriver-75.0.3770.90-bp150.213.3
chromedriver-debuginfo-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3
chromium-debuginfo-75.0.3770.90-bp150.213.3
chromium-debugsource-75.0.3770.90-bp150.213.3

– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

chromedriver-75.0.3770.90-2.1
chromedriver-debuginfo-75.0.3770.90-2.1
chromium-75.0.3770.90-2.1
chromium-debuginfo-75.0.3770.90-2.1
chromium-debugsource-75.0.3770.90-2.1

References:

https://www.suse.com/security/cve/CVE-2019-5787.html
https://www.suse.com/security/cve/CVE-2019-5788.html
https://www.suse.com/security/cve/CVE-2019-5789.html
https://www.suse.com/security/cve/CVE-2019-5790.html
https://www.suse.com/security/cve/CVE-2019-5791.html
https://www.suse.com/security/cve/CVE-2019-5792.html
https://www.suse.com/security/cve/CVE-2019-5793.html
https://www.suse.com/security/cve/CVE-2019-5794.html
https://www.suse.com/security/cve/CVE-2019-5795.html
https://www.suse.com/security/cve/CVE-2019-5796.html
https://www.suse.com/security/cve/CVE-2019-5797.html
https://www.suse.com/security/cve/CVE-2019-5798.html
https://www.suse.com/security/cve/CVE-2019-5799.html
https://www.suse.com/security/cve/CVE-2019-5800.html
https://www.suse.com/security/cve/CVE-2019-5801.html
https://www.suse.com/security/cve/CVE-2019-5802.html
https://www.suse.com/security/cve/CVE-2019-5803.html
https://www.suse.com/security/cve/CVE-2019-5804.html
https://www.suse.com/security/cve/CVE-2019-5805.html
https://www.suse.com/security/cve/CVE-2019-5806.html
https://www.suse.com/security/cve/CVE-2019-5807.html
https://www.suse.com/security/cve/CVE-2019-5808.html
https://www.suse.com/security/cve/CVE-2019-5809.html
https://www.suse.com/security/cve/CVE-2019-5810.html
https://www.suse.com/security/cve/CVE-2019-5811.html
https://www.suse.com/security/cve/CVE-2019-5812.html
https://www.suse.com/security/cve/CVE-2019-5813.html
https://www.suse.com/security/cve/CVE-2019-5814.html
https://www.suse.com/security/cve/CVE-2019-5815.html
https://www.suse.com/security/cve/CVE-2019-5816.html
https://www.suse.com/security/cve/CVE-2019-5817.html
https://www.suse.com/security/cve/CVE-2019-5818.html
https://www.suse.com/security/cve/CVE-2019-5819.html
https://www.suse.com/security/cve/CVE-2019-5820.html
https://www.suse.com/security/cve/CVE-2019-5821.html
https://www.suse.com/security/cve/CVE-2019-5822.html
https://www.suse.com/security/cve/CVE-2019-5823.html
https://www.suse.com/security/cve/CVE-2019-5824.html
https://www.suse.com/security/cve/CVE-2019-5827.html
https://www.suse.com/security/cve/CVE-2019-5828.html
https://www.suse.com/security/cve/CVE-2019-5829.html
https://www.suse.com/security/cve/CVE-2019-5830.html
https://www.suse.com/security/cve/CVE-2019-5831.html
https://www.suse.com/security/cve/CVE-2019-5832.html
https://www.suse.com/security/cve/CVE-2019-5833.html
https://www.suse.com/security/cve/CVE-2019-5834.html
https://www.suse.com/security/cve/CVE-2019-5835.html
https://www.suse.com/security/cve/CVE-2019-5836.html
https://www.suse.com/security/cve/CVE-2019-5837.html
https://www.suse.com/security/cve/CVE-2019-5838.html
https://www.suse.com/security/cve/CVE-2019-5839.html
https://www.suse.com/security/cve/CVE-2019-5840.html
https://www.suse.com/security/cve/CVE-2019-5842.html
https://bugzilla.suse.com/1129059
https://bugzilla.suse.com/1133313
https://bugzilla.suse.com/1134218
https://bugzilla.suse.com/1137332
https://bugzilla.suse.com/1138287


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1666-1
Rating: important
References: #1129059 #1133313 #1134218 #1137332 #1138287

Cross-References: CVE-2019-5787 CVE-2019-5788 CVE-2019-5789
CVE-2019-5790 CVE-2019-5791 CVE-2019-5792
CVE-2019-5793 CVE-2019-5794 CVE-2019-5795
CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
CVE-2019-5799 CVE-2019-5800 CVE-2019-5801
CVE-2019-5802 CVE-2019-5803 CVE-2019-5804
CVE-2019-5805 CVE-2019-5806 CVE-2019-5807
CVE-2019-5808 CVE-2019-5809 CVE-2019-5810
CVE-2019-5811 CVE-2019-5812 CVE-2019-5813
CVE-2019-5814 CVE-2019-5815 CVE-2019-5816
CVE-2019-5817 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822
CVE-2019-5823 CVE-2019-5824 CVE-2019-5827
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830
CVE-2019-5831 CVE-2019-5832 CVE-2019-5833
CVE-2019-5834 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839
CVE-2019-5840 CVE-2019-5842
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.1
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes 53 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287):

* CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332:

* CVE-2019-5828: Use after free in ServiceWorker
* CVE-2019-5829: Use after free in Download Manager
* CVE-2019-5830: Incorrectly credentialed requests in CORS
* CVE-2019-5831: Incorrect map processing in V8
* CVE-2019-5832: Incorrect CORS handling in XHR
* CVE-2019-5833: Inconsistent security UI placemen
* CVE-2019-5835: Out of bounds read in Swiftshader
* CVE-2019-5836: Heap buffer overflow in Angle
* CVE-2019-5837: Cross-origin resources size disclosure in Appcache
* CVE-2019-5838: Overly permissive tab access in Extensions
* CVE-2019-5839: Incorrect handling of certain code points in Blink
* CVE-2019-5840: Popup blocker bypass
* Various fixes from internal audits, fuzzing and other initiatives
* CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169:

* Feature fixes update only

Update to 74.0.3729.157:

* Various security fixes from internal audits, fuzzing and other
initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218):

* CVE-2019-5827: Out-of-bounds access in SQLite
* CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313:

* CVE-2019-5805: Use after free in PDFium
* CVE-2019-5806: Integer overflow in Angle
* CVE-2019-5807: Memory corruption in V8
* CVE-2019-5808: Use after free in Blink
* CVE-2019-5809: Use after free in Blink
* CVE-2019-5810: User information disclosure in Autofill
* CVE-2019-5811: CORS bypass in Blink
* CVE-2019-5813: Out of bounds read in V8
* CVE-2019-5814: CORS bypass in Blink
* CVE-2019-5815: Heap buffer overflow in Blink
* CVE-2019-5818: Uninitialized value in media reader
* CVE-2019-5819: Incorrect escaping in developer tools
* CVE-2019-5820: Integer overflow in PDFium
* CVE-2019-5821: Integer overflow in PDFium
* CVE-2019-5822: CORS bypass in download manager
* CVE-2019-5823: Forced navigation from service worker
* CVE-2019-5812: URL spoof in Omnibox on iOS
* CVE-2019-5816: Exploit persistence extension on Android
* CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103:
* Various feature fixes

Update to 73.0.3683.86:

* Just feature fixes around

– Update conditions to use system harfbuzz on TW+
– Require java during build
– Enable using pipewire when available
– Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059:

* CVE-2019-5787: Use after free in Canvas.
* CVE-2019-5788: Use after free in FileAPI.
* CVE-2019-5789: Use after free in WebMIDI.
* CVE-2019-5790: Heap buffer overflow in V8.
* CVE-2019-5791: Type confusion in V8.
* CVE-2019-5792: Integer overflow in PDFium.
* CVE-2019-5793: Excessive permissions for private API in Extensions.
* CVE-2019-5794: Security UI spoofing.
* CVE-2019-5795: Integer overflow in PDFium.
* CVE-2019-5796: Race condition in Extensions.
* CVE-2019-5797: Race condition in DOMStorage.
* CVE-2019-5798: Out of bounds read in Skia.
* CVE-2019-5799: CSP bypass with blob URL.
* CVE-2019-5800: CSP bypass with blob URL.
* CVE-2019-5801: Incorrect Omnibox display on iOS.
* CVE-2019-5802: Security UI spoofing.
* CVE-2019-5803: CSP bypass with Javascript URLs’.
* CVE-2019-5804: Command line command injection on Windows.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1666=1

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1666=1

Package List:

– openSUSE Leap 42.3 (x86_64):

chromedriver-75.0.3770.90-217.1
chromedriver-debuginfo-75.0.3770.90-217.1
chromium-75.0.3770.90-217.1
chromium-debuginfo-75.0.3770.90-217.1
chromium-debugsource-75.0.3770.90-217.1

– openSUSE Leap 15.1 (x86_64):

chromedriver-75.0.3770.90-lp151.2.9.3
chromedriver-debuginfo-75.0.3770.90-lp151.2.9.3
chromium-75.0.3770.90-lp151.2.9.3
chromium-debuginfo-75.0.3770.90-lp151.2.9.3
chromium-debugsource-75.0.3770.90-lp151.2.9.3

– openSUSE Leap 15.0 (x86_64):

chromedriver-75.0.3770.90-lp150.218.4
chromedriver-debuginfo-75.0.3770.90-lp150.218.4
chromium-75.0.3770.90-lp150.218.4
chromium-debuginfo-75.0.3770.90-lp150.218.4
chromium-debugsource-75.0.3770.90-lp150.218.4

– openSUSE Backports SLE-15 (aarch64 x86_64):

chromedriver-75.0.3770.90-bp150.213.3
chromedriver-debuginfo-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3
chromium-debuginfo-75.0.3770.90-bp150.213.3
chromium-debugsource-75.0.3770.90-bp150.213.3

References:

https://www.suse.com/security/cve/CVE-2019-5787.html
https://www.suse.com/security/cve/CVE-2019-5788.html
https://www.suse.com/security/cve/CVE-2019-5789.html
https://www.suse.com/security/cve/CVE-2019-5790.html
https://www.suse.com/security/cve/CVE-2019-5791.html
https://www.suse.com/security/cve/CVE-2019-5792.html
https://www.suse.com/security/cve/CVE-2019-5793.html
https://www.suse.com/security/cve/CVE-2019-5794.html
https://www.suse.com/security/cve/CVE-2019-5795.html
https://www.suse.com/security/cve/CVE-2019-5796.html
https://www.suse.com/security/cve/CVE-2019-5797.html
https://www.suse.com/security/cve/CVE-2019-5798.html
https://www.suse.com/security/cve/CVE-2019-5799.html
https://www.suse.com/security/cve/CVE-2019-5800.html
https://www.suse.com/security/cve/CVE-2019-5801.html
https://www.suse.com/security/cve/CVE-2019-5802.html
https://www.suse.com/security/cve/CVE-2019-5803.html
https://www.suse.com/security/cve/CVE-2019-5804.html
https://www.suse.com/security/cve/CVE-2019-5805.html
https://www.suse.com/security/cve/CVE-2019-5806.html
https://www.suse.com/security/cve/CVE-2019-5807.html
https://www.suse.com/security/cve/CVE-2019-5808.html
https://www.suse.com/security/cve/CVE-2019-5809.html
https://www.suse.com/security/cve/CVE-2019-5810.html
https://www.suse.com/security/cve/CVE-2019-5811.html
https://www.suse.com/security/cve/CVE-2019-5812.html
https://www.suse.com/security/cve/CVE-2019-5813.html
https://www.suse.com/security/cve/CVE-2019-5814.html
https://www.suse.com/security/cve/CVE-2019-5815.html
https://www.suse.com/security/cve/CVE-2019-5816.html
https://www.suse.com/security/cve/CVE-2019-5817.html
https://www.suse.com/security/cve/CVE-2019-5818.html
https://www.suse.com/security/cve/CVE-2019-5819.html
https://www.suse.com/security/cve/CVE-2019-5820.html
https://www.suse.com/security/cve/CVE-2019-5821.html
https://www.suse.com/security/cve/CVE-2019-5822.html
https://www.suse.com/security/cve/CVE-2019-5823.html
https://www.suse.com/security/cve/CVE-2019-5824.html
https://www.suse.com/security/cve/CVE-2019-5827.html
https://www.suse.com/security/cve/CVE-2019-5828.html
https://www.suse.com/security/cve/CVE-2019-5829.html
https://www.suse.com/security/cve/CVE-2019-5830.html
https://www.suse.com/security/cve/CVE-2019-5831.html
https://www.suse.com/security/cve/CVE-2019-5832.html
https://www.suse.com/security/cve/CVE-2019-5833.html
https://www.suse.com/security/cve/CVE-2019-5834.html
https://www.suse.com/security/cve/CVE-2019-5835.html
https://www.suse.com/security/cve/CVE-2019-5836.html
https://www.suse.com/security/cve/CVE-2019-5837.html
https://www.suse.com/security/cve/CVE-2019-5838.html
https://www.suse.com/security/cve/CVE-2019-5839.html
https://www.suse.com/security/cve/CVE-2019-5840.html
https://www.suse.com/security/cve/CVE-2019-5842.html
https://bugzilla.suse.com/1129059
https://bugzilla.suse.com/1133313
https://bugzilla.suse.com/1134218
https://bugzilla.suse.com/1137332
https://bugzilla.suse.com/1138287


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close