Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE Leap 15.1 & 15.2 Important: Chromium Security Fix

opensuse
Calendar Grey November 5, 2020
Dist Opensuse Esm H88
Addresses significant vulnerabilities in Chromium for openSUSE, with crucial security patches set to be launched shortly.
An update that fixes 7 vulnerabilities is now available.

Description

This update for chromium fixes the following issues:

- Update to 86.0.4240.183 boo#1178375

- CVE-2020-16004: Use after free in user interface.

- CVE-2020-16005: Insufficient policy enforcement in ANGLE.

- CVE-2020-16006: Inappropriate implementation in V8

- CVE-2020-16007: Insufficient data validation in installer.

- CVE-2020-16008: Stack buffer overflow in WebRTC.

- CVE-2020-16009: Inappropriate implementation in V8.

- CVE-2020-16011: Heap buffer overflow in UI on Windows.

Topics%20covered

Topics Covered

security advisory buffer overflow important web security installer issue chromium openSUSE Leap

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1831=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1831=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1831=1

Package List

- openSUSE Leap 15.2 (x86_64):

chromedriver-86.0.4240.183-lp152.2.45.1

chromedriver-debuginfo-86.0.4240.183-lp152.2.45.1

chromium-86.0.4240.183-lp152.2.45.1

chromium-debuginfo-86.0.4240.183-lp152.2.45.1

- openSUSE Leap 15.1 (x86_64):

chromedriver-86.0.4240.183-lp151.2.150.1

chromedriver-debuginfo-86.0.4240.183-lp151.2.150.1

chromium-86.0.4240.183-lp151.2.150.1

chromium-debuginfo-86.0.4240.183-lp151.2.150.1

- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.183-bp151.3.119.1

chromium-86.0.4240.183-bp151.3.119.1

References

https://www.suse.com/security/cve/CVE-2020-16004.html

https://www.suse.com/security/cve/CVE-2020-16005.html

https://www.suse.com/security/cve/CVE-2020-16006.html

https://www.suse.com/security/cve/CVE-2020-16007.html

https://www.suse.com/security/cve/CVE-2020-16008.html

https://www.suse.com/security/cve/CVE-2020-16009.html

https://www.suse.com/security/cve/CVE-2020-16011.html

https://bugzilla.suse.com/1178375

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1831-1
Rating: important
Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1

Topics%20covered

Topics Covered

security advisory buffer overflow important web security installer issue chromium openSUSE Leap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here