Alerts This Week
Warning Icon 1 933
Alerts This Week
Warning Icon 1 933

openSUSE: 2020:0604-1 Important: Chromium Threat Mitigation

opensuse
Calendar Grey May 3, 2020
Dist Opensuse Esm H88
openSUSE introduces a critical update for Firefox addressing several vulnerabilities such as buffer overflow and input sanitization.
An update that fixes 5 vulnerabilities is now available.

Description

This update for chromium fixes the following issues:

Chromium was updated to 81.0.4044.129 (boo#1170107):

- CVE-2020-0561: Fixed a use after free in storage

- CVE-2020-6462: Fixed a use after free in task scheduling

- CVE-2020-6459: Fixed a use after free in payments

- CVE-2020-6460: Fixed an insufficient data validation in URL formatting

- CVE-2020-6458: Fixed an out of bounds read and write in PDFium

Topics%20covered

Topics Covered

security advisory important threat fix openSUSE data validation chromium use after free

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-604=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-604=1

Package List

- openSUSE Leap 15.1 (x86_64):

chromedriver-81.0.4044.129-lp151.2.85.1

chromedriver-debuginfo-81.0.4044.129-lp151.2.85.1

chromium-81.0.4044.129-lp151.2.85.1

chromium-debuginfo-81.0.4044.129-lp151.2.85.1

chromium-debugsource-81.0.4044.129-lp151.2.85.1

- openSUSE Backports SLE-15-SP1 (x86_64):

chromedriver-81.0.4044.129-bp151.3.75.1

chromedriver-debuginfo-81.0.4044.129-bp151.3.75.1

chromium-81.0.4044.129-bp151.3.75.1

chromium-debuginfo-81.0.4044.129-bp151.3.75.1

chromium-debugsource-81.0.4044.129-bp151.3.75.1

References

https://www.suse.com/security/cve/CVE-2020-0561.html

https://www.suse.com/security/cve/CVE-2020-6458.html

https://www.suse.com/security/cve/CVE-2020-6459.html

https://www.suse.com/security/cve/CVE-2020-6460.html

https://www.suse.com/security/cve/CVE-2020-6462.html

https://bugzilla.suse.com/1170107

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:0604-1
Rating: important
Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1

Topics%20covered

Topics Covered

security advisory important threat fix openSUSE data validation chromium use after free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here