Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

openSUSE: 2020:1061-1 Important: Chromium Buffer Overflow Threats

opensuse
Calendar Grey July 26, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Security update for chromium _____________________________________________
An update that fixes 26 vulnerabilities is now available.

Description

This update for chromium fixes the following issues:

- Update to 84.0.4147.89 boo#1174189:

* Critical CVE-2020-6510: Heap buffer overflow in background fetch.

* High CVE-2020-6511: Side-channel information leakage in content

security policy.

* High CVE-2020-6512: Type Confusion in V8.

* High CVE-2020-6513: Heap buffer overflow in PDFium.

* High CVE-2020-6514: Inappropriate implementation in WebRTC.

* High CVE-2020-6515: Use after free in tab strip.

* High CVE-2020-6516: Policy bypass in CORS.

* High CVE-2020-6517: Heap buffer overflow in history.

* Medium CVE-2020-6518: Use after free in developer tools.

* Medium CVE-2020-6519: Policy bypass in CSP.

* Medium CVE-2020-6520: Heap buffer overflow in Skia.

* Medium CVE-2020-6521: Side-channel information leakage in autofill.

* Medium CVE-2020-6522: Inappropriate implementation in external

protocol handlers.

* Medium CVE-2020-6523: Out of bounds...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1061=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-84.0.4147.89-bp151.3.94.1

chromium-84.0.4147.89-bp151.3.94.1

References

https://www.suse.com/security/cve/CVE-2020-6510.html

https://www.suse.com/security/cve/CVE-2020-6511.html

https://www.suse.com/security/cve/CVE-2020-6512.html

https://www.suse.com/security/cve/CVE-2020-6513.html

https://www.suse.com/security/cve/CVE-2020-6514.html

https://www.suse.com/security/cve/CVE-2020-6515.html

https://www.suse.com/security/cve/CVE-2020-6516.html

https://www.suse.com/security/cve/CVE-2020-6517.html

https://www.suse.com/security/cve/CVE-2020-6518.html

https://www.suse.com/security/cve/CVE-2020-6519.html

https://www.suse.com/security/cve/CVE-2020-6520.html

https://www.suse.com/security/cve/CVE-2020-6521.html

https://www.suse.com/security/cve/CVE-2020-6522.html

https://www.suse.com/security/cve/CVE-2020-6523.html

https://www.suse.com/security/cve/CVE-2020-6524.html

https://www.suse.com/security/cve/CVE-2020-6525.html

https://www.suse.com/security/cve/CVE-2020-6526.html

https://www.suse.com/security/cve/CVE-2020-6527.html

https://www.suse.com/security/cve/CVE-2020-6528.html

https://www....

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1061-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here