Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 15.2: 2021:0392-1 Important Heap Overflow Fixes

opensuse
Calendar Grey March 8, 2021
Dist Opensuse Esm H88
openSUSE Security Update: Security update for chromium _____________________________________________
An update that fixes 42 vulnerabilities is now available

Description

This update for chromium fixes the following issues:

Update to 89.0.4389.72 (boo#1182358, boo#1182960):

- CVE-2021-21159: Heap buffer overflow in TabStrip.

- CVE-2021-21160: Heap buffer overflow in WebAudio.

- CVE-2021-21161: Heap buffer overflow in TabStrip.

- CVE-2021-21162: Use after free in WebRTC.

- CVE-2021-21163: Insufficient data validation in Reader Mode.

- CVE-2021-21164: Insufficient data validation in Chrome for iOS.

- CVE-2021-21165: Object lifecycle issue in audio.

- CVE-2021-21166: Object lifecycle issue in audio.

- CVE-2021-21167: Use after free in bookmarks.

- CVE-2021-21168: Insufficient policy enforcement in appcache.

- CVE-2021-21169: Out of bounds memory access in V8.

- CVE-2021-21170: Incorrect security UI in Loader.

- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.

- CVE-2021-21172: Insufficient policy enforcement in File System API.

- CVE-2021-21173: Side-channel information leakage in...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-392=1

Package List

- openSUSE Leap 15.2 (x86_64):

chromedriver-89.0.4389.72-lp152.2.77.1

chromedriver-debuginfo-89.0.4389.72-lp152.2.77.1

chromium-89.0.4389.72-lp152.2.77.1

chromium-debuginfo-89.0.4389.72-lp152.2.77.1

References

https://www.suse.com/security/cve/CVE-2020-27844.html

https://www.suse.com/security/cve/CVE-2021-21149.html

https://www.suse.com/security/cve/CVE-2021-21150.html

https://www.suse.com/security/cve/CVE-2021-21151.html

https://www.suse.com/security/cve/CVE-2021-21152.html

https://www.suse.com/security/cve/CVE-2021-21153.html

https://www.suse.com/security/cve/CVE-2021-21154.html

https://www.suse.com/security/cve/CVE-2021-21155.html

https://www.suse.com/security/cve/CVE-2021-21156.html

https://www.suse.com/security/cve/CVE-2021-21157.html

https://www.suse.com/security/cve/CVE-2021-21159.html

https://www.suse.com/security/cve/CVE-2021-21160.html

https://www.suse.com/security/cve/CVE-2021-21161.html

https://www.suse.com/security/cve/CVE-2021-21162.html

https://www.suse.com/security/cve/CVE-2021-21163.html

https://www.suse.com/security/cve/CVE-2021-21164.html

https://www.suse.com/security/cve/CVE-2021-21165.html

https://www.suse.com/security/cve/CVE-2021-21166.html

https://www.suse.com/security/cve/CVE-2021-211...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:0392-1
Rating: important
Affected Products: openSUSE Leap 15.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here