openSUSE: 2020:2010-1 important: chromium

Date 24 Nov 2020

Category openSUSE Linux Distribution - Security Advisories

1839

Posted By LinuxSecurity Advisories

An update that fixes 23 vulnerabilities is now available.

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2010-1
Rating:             important
References:         #1178923 
Cross-References:   CVE-2019-8075 CVE-2020-16012 CVE-2020-16014
                    CVE-2020-16015 CVE-2020-16018 CVE-2020-16019
                    CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
                    CVE-2020-16023 CVE-2020-16024 CVE-2020-16025
                    CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
                    CVE-2020-16029 CVE-2020-16030 CVE-2020-16031
                    CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
                    CVE-2020-16035 CVE-2020-16036
Affected Products:
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

   An update that fixes 23 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   - Update to 87.0.4280.66 (boo#1178923)
     - Wayland support by default
     - CVE-2020-16018: Use after free in payments.
     - CVE-2020-16019: Inappropriate implementation in filesystem.
     - CVE-2020-16020: Inappropriate implementation in cryptohome.
     - CVE-2020-16021: Race in ImageBurner.
     - CVE-2020-16022: Insufficient policy enforcement in networking.
     - CVE-2020-16015: Insufficient data validation in WASM. R
     - CVE-2020-16014: Use after free in PPAPI.
     - CVE-2020-16023: Use after free in WebCodecs.
     - CVE-2020-16024: Heap buffer overflow in UI.
     - CVE-2020-16025: Heap buffer overflow in clipboard.
     - CVE-2020-16026: Use after free in WebRTC.
     - CVE-2020-16027: Insufficient policy enforcement in developer tools. R
     - CVE-2020-16028: Heap buffer overflow in WebRTC.
     - CVE-2020-16029: Inappropriate implementation in PDFium.
     - CVE-2020-16030: Insufficient data validation in Blink.
     - CVE-2019-8075: Insufficient data validation in Flash.
     - CVE-2020-16031: Incorrect security UI in tab preview.
     - CVE-2020-16032: Incorrect security UI in sharing.
     - CVE-2020-16033: Incorrect security UI in WebUSB.
     - CVE-2020-16034: Inappropriate implementation in WebRTC.
     - CVE-2020-16035: Insufficient data validation in cros-disks.
     - CVE-2020-16012: Side-channel information leakage in graphics.
     - CVE-2020-16036: Inappropriate implementation in cookies.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2020-2010=1



Package List:

   - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

      chromedriver-87.0.4280.66-bp151.3.131.1
      chromium-87.0.4280.66-bp151.3.131.1


References:

   https://www.suse.com/security/cve/CVE-2019-8075.html
   https://www.suse.com/security/cve/CVE-2020-16012.html
   https://www.suse.com/security/cve/CVE-2020-16014.html
   https://www.suse.com/security/cve/CVE-2020-16015.html
   https://www.suse.com/security/cve/CVE-2020-16018.html
   https://www.suse.com/security/cve/CVE-2020-16019.html
   https://www.suse.com/security/cve/CVE-2020-16020.html
   https://www.suse.com/security/cve/CVE-2020-16021.html
   https://www.suse.com/security/cve/CVE-2020-16022.html
   https://www.suse.com/security/cve/CVE-2020-16023.html
   https://www.suse.com/security/cve/CVE-2020-16024.html
   https://www.suse.com/security/cve/CVE-2020-16025.html
   https://www.suse.com/security/cve/CVE-2020-16026.html
   https://www.suse.com/security/cve/CVE-2020-16027.html
   https://www.suse.com/security/cve/CVE-2020-16028.html
   https://www.suse.com/security/cve/CVE-2020-16029.html
   https://www.suse.com/security/cve/CVE-2020-16030.html
   https://www.suse.com/security/cve/CVE-2020-16031.html
   https://www.suse.com/security/cve/CVE-2020-16032.html
   https://www.suse.com/security/cve/CVE-2020-16033.html
   https://www.suse.com/security/cve/CVE-2020-16034.html
   https://www.suse.com/security/cve/CVE-2020-16035.html
   https://www.suse.com/security/cve/CVE-2020-16036.html
   https://bugzilla.suse.com/1178923
_______________________________________________
openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it.
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.