Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

openSUSE: 2019:1848-1 Critical Update: Chromium Security Patch Release

opensuse
Calendar Grey August 12, 2019
Dist Opensuse Esm H88
A significant enhancement for Fedora tackles 12 vulnerabilities in Firefox, boosting performance and safeguarding user data.
An update that fixes 16 vulnerabilities is now available.

Description

This update for chromium to version 76.0.3809.87 fixes the following

issues:

- CVE-2019-5850: Use-after-free in offline page fetcher (boo#1143492)

- CVE-2019-5860: Use-after-free in PDFium (boo#1143492)

- CVE-2019-5853: Memory corruption in regexp length check (boo#1143492)

- CVE-2019-5851: Use-after-poison in offline audio context (boo#1143492)

- CVE-2019-5859: res: URIs can load alternative browsers (boo#1143492)

- CVE-2019-5856: Insufficient checks on filesystem: URI permissions

(boo#1143492)

- CVE-2019-5855: Integer overflow in PDFium (boo#1143492)

- CVE-2019-5865: Site isolation bypass from compromised renderer

(boo#1143492)

- CVE-2019-5858: Insufficient filtering of Open URL service parameters (boo#1143492)

- CVE-2019-5864: Insufficient port filtering in CORS for extensions

(boo#1143492)

- CVE-2019-5862: AppCache not robust to compromised renderers (boo#1143492)

- CVE-2019-5861: Click location incorrectly checked...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update important threat issue openSUSE chromium

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1848=1

Package List

- openSUSE Leap 15.0 (x86_64):

chromedriver-76.0.3809.87-lp150.224.1

chromedriver-debuginfo-76.0.3809.87-lp150.224.1

chromium-76.0.3809.87-lp150.224.1

chromium-debuginfo-76.0.3809.87-lp150.224.1

chromium-debugsource-76.0.3809.87-lp150.224.1

References

https://www.suse.com/security/cve/CVE-2019-5850.html

https://www.suse.com/security/cve/CVE-2019-5851.html

https://www.suse.com/security/cve/CVE-2019-5852.html

https://www.suse.com/security/cve/CVE-2019-5853.html

https://www.suse.com/security/cve/CVE-2019-5854.html

https://www.suse.com/security/cve/CVE-2019-5855.html

https://www.suse.com/security/cve/CVE-2019-5856.html

https://www.suse.com/security/cve/CVE-2019-5857.html

https://www.suse.com/security/cve/CVE-2019-5858.html

https://www.suse.com/security/cve/CVE-2019-5859.html

https://www.suse.com/security/cve/CVE-2019-5860.html

https://www.suse.com/security/cve/CVE-2019-5861.html

https://www.suse.com/security/cve/CVE-2019-5862.html

https://www.suse.com/security/cve/CVE-2019-5863.html

https://www.suse.com/security/cve/CVE-2019-5864.html

https://www.suse.com/security/cve/CVE-2019-5865.html

https://bugzilla.suse.com/1143492

https://bugzilla.suse.com/1144625

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1848-1
Rating: important
Affected Products: openSUSE Leap 15.0

Topics%20covered

Topics Covered

security advisory update important threat issue openSUSE chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here