openSUSE: 2020:2012-1 important: chromium
An update that fixes 23 vulnerabilities is now available.
Description
This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-2012=1
Package List
- openSUSE Backports SLE-15-SP2 (aarch64 x86_64): chromedriver-87.0.4280.66-bp152.2.32.1 chromium-87.0.4280.66-bp152.2.32.1
References
https://www.suse.com/security/cve/CVE-2019-8075.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-16014.html https://www.suse.com/security/cve/CVE-2020-16015.html https://www.suse.com/security/cve/CVE-2020-16018.html https://www.suse.com/security/cve/CVE-2020-16019.html https://www.suse.com/security/cve/CVE-2020-16020.html https://www.suse.com/security/cve/CVE-2020-16021.html https://www.suse.com/security/cve/CVE-2020-16022.html https://www.suse.com/security/cve/CVE-2020-16023.html https://www.suse.com/security/cve/CVE-2020-16024.html https://www.suse.com/security/cve/CVE-2020-16025.html https://www.suse.com/security/cve/CVE-2020-16026.html https://www.suse.com/security/cve/CVE-2020-16027.html https://www.suse.com/security/cve/CVE-2020-16028.html https://www.suse.com/security/cve/CVE-2020-16029.html https://www.suse.com/security/cve/CVE-2020-16030.html https://www.suse.com/security/cve/CVE-2020-16031.html https://www.suse.com/security/cve/CVE-2020-16032.html https://www.suse.com/security/cve/CVE-2020-16033.html https://www.suse.com/security/cve/CVE-2020-16034.html https://www.suse.com/security/cve/CVE-2020-16035.html https://www.suse.com/security/cve/CVE-2020-16036.html https://bugzilla.suse.com/1178923 openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org To unsubscribe, email security-announce-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/
