Linux Security
    Linux Security
    Linux Security

    openSUSE: 2020:2055-1 important: chromium

    Date 26 Nov 2020
    63
    Posted By LinuxSecurity Advisories
    An update that fixes 23 vulnerabilities is now available.
       openSUSE Security Update: Security update for chromium
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:2055-1
    Rating:             important
    References:         #1178923 
    Cross-References:   CVE-2019-8075 CVE-2020-16012 CVE-2020-16014
                        CVE-2020-16015 CVE-2020-16018 CVE-2020-16019
                        CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
                        CVE-2020-16023 CVE-2020-16024 CVE-2020-16025
                        CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
                        CVE-2020-16029 CVE-2020-16030 CVE-2020-16031
                        CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
                        CVE-2020-16035 CVE-2020-16036
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that fixes 23 vulnerabilities is now available.
    
    Description:
    
       This update for chromium fixes the following issues:
    
       - Update to 87.0.4280.66 (boo#1178923)
         - Wayland support by default
         - CVE-2020-16018: Use after free in payments.
         - CVE-2020-16019: Inappropriate implementation in filesystem.
         - CVE-2020-16020: Inappropriate implementation in cryptohome.
         - CVE-2020-16021: Race in ImageBurner.
         - CVE-2020-16022: Insufficient policy enforcement in networking.
         - CVE-2020-16015: Insufficient data validation in WASM. R
         - CVE-2020-16014: Use after free in PPAPI.
         - CVE-2020-16023: Use after free in WebCodecs.
         - CVE-2020-16024: Heap buffer overflow in UI.
         - CVE-2020-16025: Heap buffer overflow in clipboard.
         - CVE-2020-16026: Use after free in WebRTC.
         - CVE-2020-16027: Insufficient policy enforcement in developer tools. R
         - CVE-2020-16028: Heap buffer overflow in WebRTC.
         - CVE-2020-16029: Inappropriate implementation in PDFium.
         - CVE-2020-16030: Insufficient data validation in Blink.
         - CVE-2019-8075: Insufficient data validation in Flash.
         - CVE-2020-16031: Incorrect security UI in tab preview.
         - CVE-2020-16032: Incorrect security UI in sharing.
         - CVE-2020-16033: Incorrect security UI in WebUSB.
         - CVE-2020-16034: Inappropriate implementation in WebRTC.
         - CVE-2020-16035: Insufficient data validation in cros-disks.
         - CVE-2020-16012: Side-channel information leakage in graphics.
         - CVE-2020-16036: Inappropriate implementation in cookies.
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2020-2055=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
    
          chromedriver-87.0.4280.66-bp151.3.137.1
          chromium-87.0.4280.66-bp151.3.137.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-8075.html
       https://www.suse.com/security/cve/CVE-2020-16012.html
       https://www.suse.com/security/cve/CVE-2020-16014.html
       https://www.suse.com/security/cve/CVE-2020-16015.html
       https://www.suse.com/security/cve/CVE-2020-16018.html
       https://www.suse.com/security/cve/CVE-2020-16019.html
       https://www.suse.com/security/cve/CVE-2020-16020.html
       https://www.suse.com/security/cve/CVE-2020-16021.html
       https://www.suse.com/security/cve/CVE-2020-16022.html
       https://www.suse.com/security/cve/CVE-2020-16023.html
       https://www.suse.com/security/cve/CVE-2020-16024.html
       https://www.suse.com/security/cve/CVE-2020-16025.html
       https://www.suse.com/security/cve/CVE-2020-16026.html
       https://www.suse.com/security/cve/CVE-2020-16027.html
       https://www.suse.com/security/cve/CVE-2020-16028.html
       https://www.suse.com/security/cve/CVE-2020-16029.html
       https://www.suse.com/security/cve/CVE-2020-16030.html
       https://www.suse.com/security/cve/CVE-2020-16031.html
       https://www.suse.com/security/cve/CVE-2020-16032.html
       https://www.suse.com/security/cve/CVE-2020-16033.html
       https://www.suse.com/security/cve/CVE-2020-16034.html
       https://www.suse.com/security/cve/CVE-2020-16035.html
       https://www.suse.com/security/cve/CVE-2020-16036.html
       https://bugzilla.suse.com/1178923
    _______________________________________________
    openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it.
    List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
    List Archives: https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.