openSUSE: 2020:0010-1: important: chromium, re2

    Date: 13 Jan 2020
    Posted By: LinuxSecurity Advisories
    An update that fixes 21 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium, re2
    Announcement ID:    openSUSE-SU-2020:0010-1
    Rating:             important
    References:         #1154806 
    Cross-References:   CVE-2019-13699 CVE-2019-13700 CVE-2019-13701
                        CVE-2019-13702 CVE-2019-13703 CVE-2019-13704
                        CVE-2019-13705 CVE-2019-13706 CVE-2019-13707
                        CVE-2019-13708 CVE-2019-13709 CVE-2019-13710
                        CVE-2019-13711 CVE-2019-13713 CVE-2019-13714
                        CVE-2019-13715 CVE-2019-13716 CVE-2019-13717
                        CVE-2019-13718 CVE-2019-13719 CVE-2019-15903
    Affected Products:
                        openSUSE Backports SLE-15-SP1
       This update for chromium, re2 fixes the following issues:
       Chromium was updated to 78.0.3904.70 boo#1154806:
       * CVE-2019-13699: Use-after-free in media
       * CVE-2019-13700: Buffer overrun in Blink
       * CVE-2019-13701: URL spoof in navigation
       * CVE-2019-13702: Privilege elevation in Installer
       * CVE-2019-13703: URL bar spoofing
       * CVE-2019-13704: CSP bypass
       * CVE-2019-13705: Extension permission bypass
       * CVE-2019-13706: Out-of-bounds read in PDFium
       * CVE-2019-13707: File storage disclosure
       * CVE-2019-13708: HTTP authentication spoof
       * CVE-2019-13709: File download protection bypass
       * CVE-2019-13710: File download protection bypass
       * CVE-2019-13711: Cross-context information leak
       * CVE-2019-15903: Buffer overflow in expat
       * CVE-2019-13713: Cross-origin data leak
       * CVE-2019-13714: CSS injection
       * CVE-2019-13715: Address bar spoofing
       * CVE-2019-13716: Service worker state error
       * CVE-2019-13717: Notification obscured
       * CVE-2019-13718: IDN spoof
       * CVE-2019-13719: Notification obscured
       * Various fixes from internal audits, fuzzing and other initiatives
       - Use internal resources for icon and appdata
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Backports SLE-15-SP1:
          zypper in -t patch openSUSE-2020-10=1
    Package List:
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
       - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
       - openSUSE Backports SLE-15-SP1 (aarch64_ilp32):