openSUSE: 2020:1829-1: important: chromium, gn
Description
This update for chromium, gn fixes the following issues: chromium was updated to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. - chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and 15.2 - Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone else than me) - Fix cookiemonster: Update to 86.0.4240.75 boo#1177408: * CVE-2020-15967: Use after free in payments. * CVE-2020-15968: Use after free in Blink. * CVE-2020-15969: Use after free in WebRTC. * CVE-2020-15970: Use after free in NFC. * CVE-2020-15971: Use after free in printing. * CVE-2020-15972: Use after free in audio. * CVE-2020-15990: Use after free in autofill. * CVE-2020-15991: Use after free in password manager. * CVE-2020-15973: Insufficient policy enforcement in extensions. * CVE-2020-15974: Integer overflow in Blink. * CVE-2020-15975: Integer overflow in SwiftShader. * CVE-2020-15976: Use after free in WebXR. * CVE-2020-6557: Inappropriate implementation in networking. * CVE-2020-15977: Insufficient data validation in dialogs. * CVE-2020-15978: Insufficient data validation in navigation. * CVE-2020-15979: Inappropriate implementation in V8. * CVE-2020-15980: Insufficient policy enforcement in Intents. * CVE-2020-15981: Out of bounds read in audio. * CVE-2020-15982: Side-channel information leakage in cache. * CVE-2020-15983: Insufficient data validation in webUI. * CVE-2020-15984: Insufficient policy enforcement in Omnibox. * CVE-2020-15985: Inappropriate implementation in Blink. * CVE-2020-15986: Integer overflow in media. * CVE-2020-15987: Use after free in WebRTC. * CVE-2020-15992: Insufficient policy enforcement in networking. * CVE-2020-15988: Insufficient policy enforcement in downloads. * CVE-2020-15989: Uninitialized Use in PDFium. - Update to 0.1807: * no upstream changelog
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1829=1
Package List
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): gn-0.1807-bp152.2.3.4 gn-debuginfo-0.1807-bp152.2.3.4 gn-debugsource-0.1807-bp152.2.3.4 - openSUSE Backports SLE-15-SP2 (aarch64 x86_64): chromedriver-86.0.4240.183-bp152.2.26.1 chromium-86.0.4240.183-bp152.2.26.1
References
https://www.suse.com/security/cve/CVE-2020-15967.html https://www.suse.com/security/cve/CVE-2020-15968.html https://www.suse.com/security/cve/CVE-2020-15969.html https://www.suse.com/security/cve/CVE-2020-15970.html https://www.suse.com/security/cve/CVE-2020-15971.html https://www.suse.com/security/cve/CVE-2020-15972.html https://www.suse.com/security/cve/CVE-2020-15973.html https://www.suse.com/security/cve/CVE-2020-15974.html https://www.suse.com/security/cve/CVE-2020-15975.html https://www.suse.com/security/cve/CVE-2020-15976.html https://www.suse.com/security/cve/CVE-2020-15977.html https://www.suse.com/security/cve/CVE-2020-15978.html https://www.suse.com/security/cve/CVE-2020-15979.html https://www.suse.com/security/cve/CVE-2020-15980.html https://www.suse.com/security/cve/CVE-2020-15981.html https://www.suse.com/security/cve/CVE-2020-15982.html https://www.suse.com/security/cve/CVE-2020-15983.html https://www.suse.com/security/cve/CVE-2020-15984.html https://www.suse.com/security/cve/CVE-2020-15985.html https://www.suse.com/security/cve/CVE-2020-15986.html https://www.suse.com/security/cve/CVE-2020-15987.html https://www.suse.com/security/cve/CVE-2020-15988.html https://www.suse.com/security/cve/CVE-2020-15989.html https://www.suse.com/security/cve/CVE-2020-15990.html https://www.suse.com/security/cve/CVE-2020-15991.html https://www.suse.com/security/cve/CVE-2020-15992.html https://www.suse.com/security/cve/CVE-2020-15999.html https://www.suse.com/security/cve/CVE-2020-16000.html https://www.suse.com/security/cve/CVE-2020-16001.html https://www.suse.com/security/cve/CVE-2020-16002.html https://www.suse.com/security/cve/CVE-2020-16003.html https://www.suse.com/security/cve/CVE-2020-16004.html https://www.suse.com/security/cve/CVE-2020-16005.html https://www.suse.com/security/cve/CVE-2020-16006.html https://www.suse.com/security/cve/CVE-2020-16007.html https://www.suse.com/security/cve/CVE-2020-16008.html https://www.suse.com/security/cve/CVE-2020-16009.html https://www.suse.com/security/cve/CVE-2020-16011.html https://www.suse.com/security/cve/CVE-2020-6557.html https://bugzilla.suse.com/1177408 https://bugzilla.suse.com/1177936 https://bugzilla.suse.com/1178375--