Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

openSUSE: 2020:1937-1 Important: Chromium Buffer Overflow and More

opensuse
Calendar Grey November 15, 2020
Dist Opensuse Esm H88
A significant security patch for chromium on openSUSE that tackles various vulnerabilities and essential corrections.
An update that fixes 7 vulnerabilities is now available.

Description

This update for chromium fixes the following issues:

- Update to 86.0.4240.183 boo#1178375

- CVE-2020-16004: Use after free in user interface.

- CVE-2020-16005: Insufficient policy enforcement in ANGLE.

- CVE-2020-16006: Inappropriate implementation in V8

- CVE-2020-16007: Insufficient data validation in installer.

- CVE-2020-16008: Stack buffer overflow in WebRTC.

- CVE-2020-16009: Inappropriate implementation in V8.

- CVE-2020-16011: Heap buffer overflow in UI on Windows.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Topics%20covered

Topics Covered

security advisory buffer overflow important user interface policy enforcement data validation chromium

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1937=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.183-bp151.3.125.1

chromium-86.0.4240.183-bp151.3.125.1

References

https://www.suse.com/security/cve/CVE-2020-16004.html

https://www.suse.com/security/cve/CVE-2020-16005.html

https://www.suse.com/security/cve/CVE-2020-16006.html

https://www.suse.com/security/cve/CVE-2020-16007.html

https://www.suse.com/security/cve/CVE-2020-16008.html

https://www.suse.com/security/cve/CVE-2020-16009.html

https://www.suse.com/security/cve/CVE-2020-16011.html

https://bugzilla.suse.com/1178375

openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org

To unsubscribe, email security-announce-leave@lists.opensuse.org

List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette

List Archives:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1937-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP1

Topics%20covered

Topics Covered

security advisory buffer overflow important user interface policy enforcement data validation chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here