openSUSE: 2019:2447-1: important: chromium

    Date: 06 Nov 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 86 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2447-1
    Rating:             important
    References:         #1143492 #1144625 #1145242 #1146219 #1149143 
                        #1150425 #1151229 #1153660 #1154806 #1155643 
                        
    Cross-References:   CVE-2019-13659 CVE-2019-13660 CVE-2019-13661
                        CVE-2019-13662 CVE-2019-13663 CVE-2019-13664
                        CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
                        CVE-2019-13668 CVE-2019-13669 CVE-2019-13670
                        CVE-2019-13671 CVE-2019-13673 CVE-2019-13674
                        CVE-2019-13675 CVE-2019-13676 CVE-2019-13677
                        CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
                        CVE-2019-13681 CVE-2019-13682 CVE-2019-13683
                        CVE-2019-13685 CVE-2019-13686 CVE-2019-13687
                        CVE-2019-13688 CVE-2019-13693 CVE-2019-13694
                        CVE-2019-13695 CVE-2019-13696 CVE-2019-13697
                        CVE-2019-13699 CVE-2019-13700 CVE-2019-13701
                        CVE-2019-13702 CVE-2019-13703 CVE-2019-13704
                        CVE-2019-13705 CVE-2019-13706 CVE-2019-13707
                        CVE-2019-13708 CVE-2019-13709 CVE-2019-13710
                        CVE-2019-13711 CVE-2019-13713 CVE-2019-13714
                        CVE-2019-13715 CVE-2019-13716 CVE-2019-13717
                        CVE-2019-13718 CVE-2019-13719 CVE-2019-13720
                        CVE-2019-13721 CVE-2019-15903 CVE-2019-5850
                        CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
                        CVE-2019-5854 CVE-2019-5855 CVE-2019-5856
                        CVE-2019-5857 CVE-2019-5858 CVE-2019-5859
                        CVE-2019-5860 CVE-2019-5861 CVE-2019-5862
                        CVE-2019-5863 CVE-2019-5864 CVE-2019-5865
                        CVE-2019-5867 CVE-2019-5868 CVE-2019-5869
                        CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
                        CVE-2019-5874 CVE-2019-5875 CVE-2019-5876
                        CVE-2019-5877 CVE-2019-5878 CVE-2019-5879
                        CVE-2019-5880 CVE-2019-5881
    Affected Products:
                        SUSE Package Hub for SUSE Linux Enterprise 12
    ______________________________________________________________________________
    
       An update that fixes 86 vulnerabilities is now available.
    
    Description:
    
       This update for chromium fixes the following issues:
    
       Chromium was updated to 78.0.3904.87:
       (boo#1155643,boo#1154806,boo#1153660,
       boo#1151229,boo#1149143,boo#1145242,boo#1143492)
    
       Security issues fixed with this version update:
    
         * CVE-2019-13721: Use-after-free in PDFium
         * CVE-2019-13720: Use-after-free in audio
         * CVE-2019-13699: Use-after-free in media
         * CVE-2019-13700: Buffer overrun in Blink
         * CVE-2019-13701: URL spoof in navigation
         * CVE-2019-13702: Privilege elevation in Installer
         * CVE-2019-13703: URL bar spoofing
         * CVE-2019-13704: CSP bypass
         * CVE-2019-13705: Extension permission bypass
         * CVE-2019-13706: Out-of-bounds read in PDFium
         * CVE-2019-13707: File storage disclosure
         * CVE-2019-13708: HTTP authentication spoof
         * CVE-2019-13709: File download protection bypass
         * CVE-2019-13710: File download protection bypass
         * CVE-2019-13711: Cross-context information leak
         * CVE-2019-15903: Buffer overflow in expat
         * CVE-2019-13713: Cross-origin data leak
         * CVE-2019-13714: CSS injection
         * CVE-2019-13715: Address bar spoofing
         * CVE-2019-13716: Service worker state error
         * CVE-2019-13717: Notification obscured
         * CVE-2019-13718: IDN spoof
         * CVE-2019-13719: Notification obscured
         * CVE-2019-13693: Use-after-free in IndexedDB
         * CVE-2019-13694: Use-after-free in WebRTC
         * CVE-2019-13695: Use-after-free in audio
         * CVE-2019-13696: Use-after-free in V8
         * CVE-2019-13697: Cross-origin size leak.
         * CVE-2019-13685: Use-after-free in UI
         * CVE-2019-13688: Use-after-free in media
         * CVE-2019-13687: Use-after-free in media
         * CVE-2019-13686: Use-after-free in offline pages
         * CVE-2019-5870: Use-after-free in media
         * CVE-2019-5871: Heap overflow in Skia
         * CVE-2019-5872: Use-after-free in Mojo
         * CVE-2019-5874: External URIs may trigger other browsers
         * CVE-2019-5875: URL bar spoof via download redirect
         * CVE-2019-5876: Use-after-free in media
         * CVE-2019-5877: Out-of-bounds access in V8
         * CVE-2019-5878: Use-after-free in V8
         * CVE-2019-5879: Extension can bypass same origin policy
         * CVE-2019-5880: SameSite cookie bypass
         * CVE-2019-5881: Arbitrary read in SwiftShader
         * CVE-2019-13659: URL spoof
         * CVE-2019-13660: Full screen notification overlap
         * CVE-2019-13661: Full screen notification spoof
         * CVE-2019-13662: CSP bypass
         * CVE-2019-13663: IDN spoof
         * CVE-2019-13664: CSRF bypass
         * CVE-2019-13665: Multiple file download protection bypass
         * CVE-2019-13666: Side channel using storage size estimate
         * CVE-2019-13667: URI bar spoof when using external app URIs
         * CVE-2019-13668: Global window leak via console
         * CVE-2019-13669: HTTP authentication spoof
         * CVE-2019-13670: V8 memory corruption in regex
         * CVE-2019-13671: Dialog box fails to show origin
         * CVE-2019-13673: Cross-origin information leak using devtools
         * CVE-2019-13674: IDN spoofing
         * CVE-2019-13675: Extensions can be disabled by trailing slash
         * CVE-2019-13676: Google URI shown for certificate warning
         * CVE-2019-13677: Chrome web store origin needs to be isolated
         * CVE-2019-13678: Download dialog spoofing
         * CVE-2019-13679: User gesture needed for printing
         * CVE-2019-13680: IP address spoofing to servers
         * CVE-2019-13681: Bypass on download restrictions
         * CVE-2019-13682: Site isolation bypass
         * CVE-2019-13683: Exceptions leaked by devtools
         * CVE-2019-5869: Use-after-free in Blink
         * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
         * CVE-2019-5867: Out-of-bounds read in V8
         * CVE-2019-5850: Use-after-free in offline page fetcher
         * CVE-2019-5860: Use-after-free in PDFium
         * CVE-2019-5853: Memory corruption in regexp length check
         * CVE-2019-5851: Use-after-poison in offline audio context
         * CVE-2019-5859: res: URIs can load alternative browsers
         * CVE-2019-5856: Insufficient checks on filesystem: URI permissions
         * CVE-2019-5855: Integer overflow in PDFium
         * CVE-2019-5865: Site isolation bypass from compromised renderer
         * CVE-2019-5858: Insufficient filtering of Open URL service parameters
         * CVE-2019-5864: Insufficient port filtering in CORS for extensions
         * CVE-2019-5862: AppCache not robust to compromised renderers
         * CVE-2019-5861: Click location incorrectly checked
         * CVE-2019-5857: Comparison of -0 and null yields crash
         * CVE-2019-5854: Integer overflow in PDFium text rendering
         * CVE-2019-5852: Object leak of utility functions
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Package Hub for SUSE Linux Enterprise 12:
    
          zypper in -t patch openSUSE-2019-2447=1
    
    
    
    Package List:
    
       - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 x86_64):
    
          chromedriver-78.0.3904.87-10.1
          chromium-78.0.3904.87-10.1
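
A post-patch check for the versions in the Package List above, as an added example that is not part of the openSUSE advisory: it flags chromium or chromedriver builds older than 78.0.3904.87-10.1. The function names, the constructed sample input and the use of GNU `sort -V` in place of RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's Package List.
FIXED="78.0.3904.87-10.1"

# ver_lt A B: succeeds when A is strictly older than B.
# Assumption: GNU `sort -V` ordering stands in for RPM's comparison;
# the two agree for purely numeric dotted versions such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_packages: reads "name version-release" lines on stdin, prints one
# verdict per affected package, returns 1 if any is older than FIXED.
# Lines such as "package chromium is not installed" are ignored.
check_packages() {
    rc=0
    while read -r name evr; do
        case "$name" in
            chromium|chromedriver) ;;
            *) continue ;;
        esac
        if ver_lt "$evr" "$FIXED"; then
            echo "VULNERABLE $name $evr (older than $FIXED)"
            rc=1
        else
            echo "OK $name $evr"
        fi
    done
    return $rc
}

# Constructed sample input (not real host data): one outdated package,
# one already at the fixed version.
SAMPLE='chromium 76.0.3809.132-8.1
chromedriver 78.0.3904.87-10.1'

printf '%s\n' "$SAMPLE" | check_packages || true

# On a real host, feed it the installed versions instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' chromium chromedriver | check_packages
```

The non-zero return status makes the function usable as a compliance gate in a fleet-wide job after `zypper patch` has run.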
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-13659.html
       https://www.suse.com/security/cve/CVE-2019-13660.html
       https://www.suse.com/security/cve/CVE-2019-13661.html
       https://www.suse.com/security/cve/CVE-2019-13662.html
       https://www.suse.com/security/cve/CVE-2019-13663.html
       https://www.suse.com/security/cve/CVE-2019-13664.html
       https://www.suse.com/security/cve/CVE-2019-13665.html
       https://www.suse.com/security/cve/CVE-2019-13666.html
       https://www.suse.com/security/cve/CVE-2019-13667.html
       https://www.suse.com/security/cve/CVE-2019-13668.html
       https://www.suse.com/security/cve/CVE-2019-13669.html
       https://www.suse.com/security/cve/CVE-2019-13670.html
       https://www.suse.com/security/cve/CVE-2019-13671.html
       https://www.suse.com/security/cve/CVE-2019-13673.html
       https://www.suse.com/security/cve/CVE-2019-13674.html
       https://www.suse.com/security/cve/CVE-2019-13675.html
       https://www.suse.com/security/cve/CVE-2019-13676.html
       https://www.suse.com/security/cve/CVE-2019-13677.html
       https://www.suse.com/security/cve/CVE-2019-13678.html
       https://www.suse.com/security/cve/CVE-2019-13679.html
       https://www.suse.com/security/cve/CVE-2019-13680.html
       https://www.suse.com/security/cve/CVE-2019-13681.html
       https://www.suse.com/security/cve/CVE-2019-13682.html
       https://www.suse.com/security/cve/CVE-2019-13683.html
       https://www.suse.com/security/cve/CVE-2019-13685.html
       https://www.suse.com/security/cve/CVE-2019-13686.html
       https://www.suse.com/security/cve/CVE-2019-13687.html
       https://www.suse.com/security/cve/CVE-2019-13688.html
       https://www.suse.com/security/cve/CVE-2019-13693.html
       https://www.suse.com/security/cve/CVE-2019-13694.html
       https://www.suse.com/security/cve/CVE-2019-13695.html
       https://www.suse.com/security/cve/CVE-2019-13696.html
       https://www.suse.com/security/cve/CVE-2019-13697.html
       https://www.suse.com/security/cve/CVE-2019-13699.html
       https://www.suse.com/security/cve/CVE-2019-13700.html
       https://www.suse.com/security/cve/CVE-2019-13701.html
       https://www.suse.com/security/cve/CVE-2019-13702.html
       https://www.suse.com/security/cve/CVE-2019-13703.html
       https://www.suse.com/security/cve/CVE-2019-13704.html
       https://www.suse.com/security/cve/CVE-2019-13705.html
       https://www.suse.com/security/cve/CVE-2019-13706.html
       https://www.suse.com/security/cve/CVE-2019-13707.html
       https://www.suse.com/security/cve/CVE-2019-13708.html
       https://www.suse.com/security/cve/CVE-2019-13709.html
       https://www.suse.com/security/cve/CVE-2019-13710.html
       https://www.suse.com/security/cve/CVE-2019-13711.html
       https://www.suse.com/security/cve/CVE-2019-13713.html
       https://www.suse.com/security/cve/CVE-2019-13714.html
       https://www.suse.com/security/cve/CVE-2019-13715.html
       https://www.suse.com/security/cve/CVE-2019-13716.html
       https://www.suse.com/security/cve/CVE-2019-13717.html
       https://www.suse.com/security/cve/CVE-2019-13718.html
       https://www.suse.com/security/cve/CVE-2019-13719.html
       https://www.suse.com/security/cve/CVE-2019-13720.html
       https://www.suse.com/security/cve/CVE-2019-13721.html
       https://www.suse.com/security/cve/CVE-2019-15903.html
       https://www.suse.com/security/cve/CVE-2019-5850.html
       https://www.suse.com/security/cve/CVE-2019-5851.html
       https://www.suse.com/security/cve/CVE-2019-5852.html
       https://www.suse.com/security/cve/CVE-2019-5853.html
       https://www.suse.com/security/cve/CVE-2019-5854.html
       https://www.suse.com/security/cve/CVE-2019-5855.html
       https://www.suse.com/security/cve/CVE-2019-5856.html
       https://www.suse.com/security/cve/CVE-2019-5857.html
       https://www.suse.com/security/cve/CVE-2019-5858.html
       https://www.suse.com/security/cve/CVE-2019-5859.html
       https://www.suse.com/security/cve/CVE-2019-5860.html
       https://www.suse.com/security/cve/CVE-2019-5861.html
       https://www.suse.com/security/cve/CVE-2019-5862.html
       https://www.suse.com/security/cve/CVE-2019-5863.html
       https://www.suse.com/security/cve/CVE-2019-5864.html
       https://www.suse.com/security/cve/CVE-2019-5865.html
       https://www.suse.com/security/cve/CVE-2019-5867.html
       https://www.suse.com/security/cve/CVE-2019-5868.html
       https://www.suse.com/security/cve/CVE-2019-5869.html
       https://www.suse.com/security/cve/CVE-2019-5870.html
       https://www.suse.com/security/cve/CVE-2019-5871.html
       https://www.suse.com/security/cve/CVE-2019-5872.html
       https://www.suse.com/security/cve/CVE-2019-5874.html
       https://www.suse.com/security/cve/CVE-2019-5875.html
       https://www.suse.com/security/cve/CVE-2019-5876.html
       https://www.suse.com/security/cve/CVE-2019-5877.html
       https://www.suse.com/security/cve/CVE-2019-5878.html
       https://www.suse.com/security/cve/CVE-2019-5879.html
       https://www.suse.com/security/cve/CVE-2019-5880.html
       https://www.suse.com/security/cve/CVE-2019-5881.html
       https://bugzilla.suse.com/1143492
       https://bugzilla.suse.com/1144625
       https://bugzilla.suse.com/1145242
       https://bugzilla.suse.com/1146219
       https://bugzilla.suse.com/1149143
       https://bugzilla.suse.com/1150425
       https://bugzilla.suse.com/1151229
       https://bugzilla.suse.com/1153660
       https://bugzilla.suse.com/1154806
       https://bugzilla.suse.com/1155643
    