openSUSE: 2019:2425-1: important: chromium, re2

    Date: 03 Nov 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 21 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium, re2
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2425-1
    Rating:             important
    References:         #1154806 
    Cross-References:   CVE-2019-13699 CVE-2019-13700 CVE-2019-13701
                        CVE-2019-13702 CVE-2019-13703 CVE-2019-13704
                        CVE-2019-13705 CVE-2019-13706 CVE-2019-13707
                        CVE-2019-13708 CVE-2019-13709 CVE-2019-13710
                        CVE-2019-13711 CVE-2019-13713 CVE-2019-13714
                        CVE-2019-13715 CVE-2019-13716 CVE-2019-13717
                        CVE-2019-13718 CVE-2019-13719 CVE-2019-15903
                       
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
    Description:
    
       This update for chromium, re2 fixes the following issues:
    
       Chromium was updated to 78.0.3904.70 (boo#1154806):
    
       * CVE-2019-13699: Use-after-free in media
       * CVE-2019-13700: Buffer overrun in Blink
       * CVE-2019-13701: URL spoof in navigation
       * CVE-2019-13702: Privilege elevation in Installer
       * CVE-2019-13703: URL bar spoofing
       * CVE-2019-13704: CSP bypass
       * CVE-2019-13705: Extension permission bypass
       * CVE-2019-13706: Out-of-bounds read in PDFium
       * CVE-2019-13707: File storage disclosure
       * CVE-2019-13708: HTTP authentication spoof
       * CVE-2019-13709: File download protection bypass
       * CVE-2019-13710: File download protection bypass
       * CVE-2019-13711: Cross-context information leak
       * CVE-2019-15903: Buffer overflow in expat
       * CVE-2019-13713: Cross-origin data leak
       * CVE-2019-13714: CSS injection
       * CVE-2019-13715: Address bar spoofing
       * CVE-2019-13716: Service worker state error
       * CVE-2019-13717: Notification obscured
       * CVE-2019-13718: IDN spoof
       * CVE-2019-13719: Notification obscured
       * Various fixes from internal audits, fuzzing and other initiatives
    
       - Use internal resources for icon and appdata
    
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update, use the SUSE recommended installation methods,
       such as YaST online_update or "zypper patch".
    
       Alternatively, you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-2425=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          libre2-0-20190901-bp151.6.3.1
          libre2-0-debuginfo-20190901-bp151.6.3.1
          re2-debugsource-20190901-bp151.6.3.1
          re2-devel-20190901-bp151.6.3.1
    
       - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
    
          chromedriver-78.0.3904.70-bp151.3.21.1
          chromium-78.0.3904.70-bp151.3.21.1
    
       - openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
    
          libre2-0-64bit-20190901-bp151.6.3.1
          libre2-0-64bit-debuginfo-20190901-bp151.6.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-13699.html
       https://www.suse.com/security/cve/CVE-2019-13700.html
       https://www.suse.com/security/cve/CVE-2019-13701.html
       https://www.suse.com/security/cve/CVE-2019-13702.html
       https://www.suse.com/security/cve/CVE-2019-13703.html
       https://www.suse.com/security/cve/CVE-2019-13704.html
       https://www.suse.com/security/cve/CVE-2019-13705.html
       https://www.suse.com/security/cve/CVE-2019-13706.html
       https://www.suse.com/security/cve/CVE-2019-13707.html
       https://www.suse.com/security/cve/CVE-2019-13708.html
       https://www.suse.com/security/cve/CVE-2019-13709.html
       https://www.suse.com/security/cve/CVE-2019-13710.html
       https://www.suse.com/security/cve/CVE-2019-13711.html
       https://www.suse.com/security/cve/CVE-2019-13713.html
       https://www.suse.com/security/cve/CVE-2019-13714.html
       https://www.suse.com/security/cve/CVE-2019-13715.html
       https://www.suse.com/security/cve/CVE-2019-13716.html
       https://www.suse.com/security/cve/CVE-2019-13717.html
       https://www.suse.com/security/cve/CVE-2019-13718.html
       https://www.suse.com/security/cve/CVE-2019-13719.html
       https://www.suse.com/security/cve/CVE-2019-15903.html
       https://bugzilla.suse.com/1154806
    