openSUSE: 2019:1436-1: important: chromium

    Date22 May 2019
    CategoryopenSUSE
    350
    Posted ByLinuxSecurity Advisories
    An update that fixes 19 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1436-1
    Rating:             important
    References:         #1133313 
    Cross-References:   CVE-2019-5805 CVE-2019-5806 CVE-2019-5807
                        CVE-2019-5808 CVE-2019-5809 CVE-2019-5810
                        CVE-2019-5811 CVE-2019-5812 CVE-2019-5813
                        CVE-2019-5814 CVE-2019-5815 CVE-2019-5816
                        CVE-2019-5817 CVE-2019-5818 CVE-2019-5819
                        CVE-2019-5820 CVE-2019-5821 CVE-2019-5822
                        CVE-2019-5823
    Affected Products:
                        openSUSE Backports SLE-15
    ______________________________________________________________________________
    
       An update that fixes 19 vulnerabilities is now available.
    
    Description:
    
       This update for chromium fixes the following issues:
    
       Chromium was updated to 74.0.3729.108 boo#1133313:
    
       * CVE-2019-5805: Use after free in PDFium
       * CVE-2019-5806: Integer overflow in Angle
       * CVE-2019-5807: Memory corruption in V8
       * CVE-2019-5808: Use after free in Blink
       * CVE-2019-5809: Use after free in Blink
       * CVE-2019-5810: User information disclosure in Autofill
       * CVE-2019-5811: CORS bypass in Blink
       * CVE-2019-5813: Out of bounds read in V8
       * CVE-2019-5814: CORS bypass in Blink
       * CVE-2019-5815: Heap buffer overflow in Blink
       * CVE-2019-5818: Uninitialized value in media reader
       * CVE-2019-5819: Incorrect escaping in developer tools
       * CVE-2019-5820: Integer overflow in PDFium
       * CVE-2019-5821: Integer overflow in PDFium
       * CVE-2019-5822: CORS bypass in download manager
       * CVE-2019-5823: Forced navigation from service worker
       * CVE-2019-5812: URL spoof in Omnibox on iOS
       * CVE-2019-5816: Exploit persistence extension on Android
       * CVE-2019-5817: Heap buffer overflow in Angle on Windows
    
       - Update conditions to use system harfbuzz on TW+
       - Require java during build
       - Enable using pipewire when available
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15:
    
          zypper in -t patch openSUSE-2019-1436=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15 (x86_64):
    
          chromedriver-74.0.3729.108-bp150.207.1
          chromium-74.0.3729.108-bp150.207.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-5805.html
       https://www.suse.com/security/cve/CVE-2019-5806.html
       https://www.suse.com/security/cve/CVE-2019-5807.html
       https://www.suse.com/security/cve/CVE-2019-5808.html
       https://www.suse.com/security/cve/CVE-2019-5809.html
       https://www.suse.com/security/cve/CVE-2019-5810.html
       https://www.suse.com/security/cve/CVE-2019-5811.html
       https://www.suse.com/security/cve/CVE-2019-5812.html
       https://www.suse.com/security/cve/CVE-2019-5813.html
       https://www.suse.com/security/cve/CVE-2019-5814.html
       https://www.suse.com/security/cve/CVE-2019-5815.html
       https://www.suse.com/security/cve/CVE-2019-5816.html
       https://www.suse.com/security/cve/CVE-2019-5817.html
       https://www.suse.com/security/cve/CVE-2019-5818.html
       https://www.suse.com/security/cve/CVE-2019-5819.html
       https://www.suse.com/security/cve/CVE-2019-5820.html
       https://www.suse.com/security/cve/CVE-2019-5821.html
       https://www.suse.com/security/cve/CVE-2019-5822.html
       https://www.suse.com/security/cve/CVE-2019-5823.html
       https://bugzilla.suse.com/1133313
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.