openSUSE: 2019:2155-1: important: chromium

    Date20 Sep 2019
    Posted ByLinuxSecurity Advisories
    An update that fixes 35 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium
    Announcement ID:    openSUSE-SU-2019:2155-1
    Rating:             important
    References:         #1150425 
    Cross-References:   CVE-2019-13659 CVE-2019-13660 CVE-2019-13661
                        CVE-2019-13662 CVE-2019-13663 CVE-2019-13664
                        CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
                        CVE-2019-13668 CVE-2019-13669 CVE-2019-13670
                        CVE-2019-13671 CVE-2019-13673 CVE-2019-13674
                        CVE-2019-13675 CVE-2019-13676 CVE-2019-13677
                        CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
                        CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
                        CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
                        CVE-2019-5874 CVE-2019-5875 CVE-2019-5876
                        CVE-2019-5877 CVE-2019-5878 CVE-2019-5879
                        CVE-2019-5880 CVE-2019-5881
    Affected Products:
                        openSUSE Backports SLE-15
       An update that fixes 35 vulnerabilities is now available.
       This update for chromium fixes the following issues:
       Security issues fixed:
       - CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
       - CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
       - CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
       - CVE-2019-5874: Fixed a behavior that made external URIs trigger other
         browsers. (boo#1150425)
       - CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
       - CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
       - CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
       - CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
       - CVE-2019-5879: Fixed an extension issue that allowed the bypass of a
         same origin policy. (boo#1150425)
       - CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
       - CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
       - CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
       - CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
       - CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
       - CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
       - CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
       - CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
       - CVE-2019-13665: Fixed a multiple file download protection bypass.
       - CVE-2019-13666: Fixed a side channel weakness using storage size
         estimate. (boo#1150425)
       - CVE-2019-13667: Fixed a URI bar spoof when using external app URIs.
       - CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
       - CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
       - CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
       - CVE-2019-13671: Fixed a dialog box that failed to show the origin.
       - CVE-2019-13673: Fixed a cross-origin information leak using devtools.
       - CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
       - CVE-2019-13675: Fixed an error that allowed extensions to be disabled by
         trailing slash. (boo#1150425)
       - CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate
         warnings. (boo#1150425)
       - CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin.
       - CVE-2019-13678: Fixed a download dialog spoofing opportunity.
       - CVE-2019-13679: Fixed a the necessity of a user gesture for printing.
       - CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
       - CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
       - CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
       - CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Backports SLE-15:
          zypper in -t patch openSUSE-2019-2155=1
    Package List:
       - openSUSE Backports SLE-15 (aarch64 x86_64):
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"29","type":"x","order":"1","pct":90.63,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":6.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":3.13,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.