Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

openSUSE: 2019:1901-1 Critical: Fixes for Various Chromium Security Flaws

opensuse
Calendar Grey August 15, 2019
Dist Opensuse Esm H88
This patch resolves critical vulnerabilities in Firefox for Fedora, boosting overall protection and user security.
An update that fixes 16 vulnerabilities is now available.

Description

This update for chromium to version 76.0.3809.87 fixes the following

issues:

- CVE-2019-5850: Use-after-free in offline page fetcher (boo#1143492)

- CVE-2019-5860: Use-after-free in PDFium (boo#1143492)

- CVE-2019-5853: Memory corruption in regexp length check (boo#1143492)

- CVE-2019-5851: Use-after-poison in offline audio context (boo#1143492)

- CVE-2019-5859: res: URIs can load alternative browsers (boo#1143492)

- CVE-2019-5856: Insufficient checks on filesystem: URI permissions

(boo#1143492)

- CVE-2019-5855: Integer overflow in PDFium (boo#1143492)

- CVE-2019-5865: Site isolation bypass from compromised renderer

(boo#1143492)

- CVE-2019-5858: Insufficient filtering of Open URL service parameters (boo#1143492)

- CVE-2019-5864: Insufficient port filtering in CORS for extensions

(boo#1143492)

- CVE-2019-5862: AppCache not robust to compromised renderers (boo#1143492)

- CVE-2019-5861: Click location incorrectly checked...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2019-1901=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-76.0.3809.87-bp151.3.3.3

chromium-76.0.3809.87-bp151.3.3.3

References

https://www.suse.com/security/cve/CVE-2019-5850.html

https://www.suse.com/security/cve/CVE-2019-5851.html

https://www.suse.com/security/cve/CVE-2019-5852.html

https://www.suse.com/security/cve/CVE-2019-5853.html

https://www.suse.com/security/cve/CVE-2019-5854.html

https://www.suse.com/security/cve/CVE-2019-5855.html

https://www.suse.com/security/cve/CVE-2019-5856.html

https://www.suse.com/security/cve/CVE-2019-5857.html

https://www.suse.com/security/cve/CVE-2019-5858.html

https://www.suse.com/security/cve/CVE-2019-5859.html

https://www.suse.com/security/cve/CVE-2019-5860.html

https://www.suse.com/security/cve/CVE-2019-5861.html

https://www.suse.com/security/cve/CVE-2019-5862.html

https://www.suse.com/security/cve/CVE-2019-5863.html

https://www.suse.com/security/cve/CVE-2019-5864.html

https://www.suse.com/security/cve/CVE-2019-5865.html

https://bugzilla.suse.com/1143492

https://bugzilla.suse.com/1144625

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1901-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.