openSUSE: 2020:2010-1 important: chromium.

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2010-1
Rating:             important
References:         #1178923 
Cross-References:   CVE-2019-8075 CVE-2020-16012 CVE-2020-16014
                    CVE-2020-16015 CVE-2020-16018 CVE-2020-16019
                    CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
                    CVE-2020-16023 CVE-2020-16024 CVE-2020-16025
                    CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
                    CVE-2020-16029 CVE-2020-16030 CVE-2020-16031
                    CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
                    CVE-2020-16035 CVE-2020-16036
Affected Products:
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

   An update that fixes 23 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   - Update to 87.0.4280.66 (boo#1178923)
     - Wayland support by default
     - CVE-2020-16018: Use after free in payments.
     - CVE-2020-16019: Inappropriate implementation in filesystem.
     - CVE-2020-16020: Inappropriate implementation in cryptohome.
     - CVE-2020-16021: Race in ImageBurner.
     - CVE-2020-16022: Insufficient policy enforcement in networking.
     - CVE-2020-16015: Insufficient data validation in WASM. R
     - CVE-2020-16014: Use after free in PPAPI.
     - CVE-2020-16023: Use after free in WebCodecs.
     - CVE-2020-16024: Heap buffer overflow in UI.
     - CVE-2020-16025: Heap buffer overflow in clipboard.
     - CVE-2020-16026: Use after free in WebRTC.
     - CVE-2020-16027: Insufficient policy enforcement in developer tools. R
     - CVE-2020-16028: Heap buffer overflow in WebRTC.
     - CVE-2020-16029: Inappropriate implementation in PDFium.
     - CVE-2020-16030: Insufficient data validation in Blink.
     - CVE-2019-8075: Insufficient data validation in Flash.
     - CVE-2020-16031: Incorrect security UI in tab preview.
     - CVE-2020-16032: Incorrect security UI in sharing.
     - CVE-2020-16033: Incorrect security UI in WebUSB.
     - CVE-2020-16034: Inappropriate implementation in WebRTC.
     - CVE-2020-16035: Insufficient data validation in cros-disks.
     - CVE-2020-16012: Side-channel information leakage in graphics.
     - CVE-2020-16036: Inappropriate implementation in cookies.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2020-2010=1



Package List:

   - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

      chromedriver-87.0.4280.66-bp151.3.131.1
      chromium-87.0.4280.66-bp151.3.131.1


References:

   https://www.suse.com/security/cve/CVE-2019-8075.html
   https://www.suse.com/security/cve/CVE-2020-16012.html
   https://www.suse.com/security/cve/CVE-2020-16014.html
   https://www.suse.com/security/cve/CVE-2020-16015.html
   https://www.suse.com/security/cve/CVE-2020-16018.html
   https://www.suse.com/security/cve/CVE-2020-16019.html
   https://www.suse.com/security/cve/CVE-2020-16020.html
   https://www.suse.com/security/cve/CVE-2020-16021.html
   https://www.suse.com/security/cve/CVE-2020-16022.html
   https://www.suse.com/security/cve/CVE-2020-16023.html
   https://www.suse.com/security/cve/CVE-2020-16024.html
   https://www.suse.com/security/cve/CVE-2020-16025.html
   https://www.suse.com/security/cve/CVE-2020-16026.html
   https://www.suse.com/security/cve/CVE-2020-16027.html
   https://www.suse.com/security/cve/CVE-2020-16028.html
   https://www.suse.com/security/cve/CVE-2020-16029.html
   https://www.suse.com/security/cve/CVE-2020-16030.html
   https://www.suse.com/security/cve/CVE-2020-16031.html
   https://www.suse.com/security/cve/CVE-2020-16032.html
   https://www.suse.com/security/cve/CVE-2020-16033.html
   https://www.suse.com/security/cve/CVE-2020-16034.html
   https://www.suse.com/security/cve/CVE-2020-16035.html
   https://www.suse.com/security/cve/CVE-2020-16036.html
   https://bugzilla.suse.com/1178923
_______________________________________________
openSUSE Security Announce mailing list -- [email protected]
To unsubscribe, email [email protected]
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/[email protected]

Advisories

What Are You Looking For?

Popular Tags

openSUSE: 2020:2010-1 important: chromium

Description

Patch

Package List

References

Related News

RHEL and CentOS 7 Users Get New Kernel Security Update to Fix Intel Graphics Flaws

Firefox 89.0.1 Released to Improve WebRender Performance, Fix Scrollbars on GTK Themes

Open-source security: Google has a new plan to stop software supply chain attacks

News

Advisories

HOWTOs

Features

Secure Linux Hosting for Businesses

What Is Threat Intelligence?

CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services

LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website

Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security

About Us

Powered By

Advisories

What Are You Looking For?

Popular Tags

Sign In

Not a Member Yet?

openSUSE: 2020:2010-1 important: chromium

Description

Patch

Package List

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By