openSUSE: 2019:1853-1: important: chromium

    Date13 Aug 2019
    CategoryopenSUSE
    376
    Posted ByLinuxSecurity Advisories
    An update that fixes 16 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1853-1
    Rating:             important
    References:         #1143492 #1144625 
    Cross-References:   CVE-2019-5850 CVE-2019-5851 CVE-2019-5852
                        CVE-2019-5853 CVE-2019-5854 CVE-2019-5855
                        CVE-2019-5856 CVE-2019-5857 CVE-2019-5858
                        CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
                        CVE-2019-5862 CVE-2019-5863 CVE-2019-5864
                        CVE-2019-5865
    Affected Products:
                        openSUSE Backports SLE-15
    ______________________________________________________________________________
    
       An update that fixes 16 vulnerabilities is now available.
    
    Description:
    
       This update for chromium to version 76.0.3809.87 fixes the following
       issues:
    
       - CVE-2019-5850: Use-after-free in offline page fetcher (boo#1143492)
       - CVE-2019-5860: Use-after-free in PDFium (boo#1143492)
       - CVE-2019-5853: Memory corruption in regexp length check (boo#1143492)
       - CVE-2019-5851: Use-after-poison in offline audio context (boo#1143492)
       - CVE-2019-5859: res: URIs can load alternative browsers (boo#1143492)
       - CVE-2019-5856: Insufficient checks on filesystem: URI permissions
         (boo#1143492)
       - CVE-2019-5855: Integer overflow in PDFium (boo#1143492)
       - CVE-2019-5865: Site isolation bypass from compromised renderer
         (boo#1143492)
       - CVE-2019-5858: Insufficient filtering of Open URL service parameters
         (boo#1143492)
       - CVE-2019-5864: Insufficient port filtering in CORS for extensions
         (boo#1143492)
       - CVE-2019-5862: AppCache not robust to compromised renderers (boo#1143492)
       - CVE-2019-5861: Click location incorrectly checked (boo#1143492)
       - CVE-2019-5857: Comparison of -0 and null yields crash (boo#1143492)
       - CVE-2019-5854: Integer overflow in PDFium text rendering (boo#1143492)
       - CVE-2019-5852: Object leak of utility functions (boo#1143492)
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15:
    
          zypper in -t patch openSUSE-2019-1853=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15 (aarch64 x86_64):
    
          chromedriver-76.0.3809.87-bp150.220.1
          chromium-76.0.3809.87-bp150.220.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-5850.html
       https://www.suse.com/security/cve/CVE-2019-5851.html
       https://www.suse.com/security/cve/CVE-2019-5852.html
       https://www.suse.com/security/cve/CVE-2019-5853.html
       https://www.suse.com/security/cve/CVE-2019-5854.html
       https://www.suse.com/security/cve/CVE-2019-5855.html
       https://www.suse.com/security/cve/CVE-2019-5856.html
       https://www.suse.com/security/cve/CVE-2019-5857.html
       https://www.suse.com/security/cve/CVE-2019-5858.html
       https://www.suse.com/security/cve/CVE-2019-5859.html
       https://www.suse.com/security/cve/CVE-2019-5860.html
       https://www.suse.com/security/cve/CVE-2019-5861.html
       https://www.suse.com/security/cve/CVE-2019-5862.html
       https://www.suse.com/security/cve/CVE-2019-5863.html
       https://www.suse.com/security/cve/CVE-2019-5864.html
       https://www.suse.com/security/cve/CVE-2019-5865.html
       https://bugzilla.suse.com/1143492
       https://bugzilla.suse.com/1144625
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.