openSUSE Leap 15.2: openSUSE-SU-2021:0762-1 Important: Heap Overflows

May 22, 2021
This important update addresses a variety of security concerns in chromium for openSUSE.
An update that fixes 15 vulnerabilities is now available.

Description

This update for chromium fixes the following issues:

(This is a rerelease with aarch64 enabled.)

Chromium 90.0.4430.212 (boo#1185908)

* CVE-2021-30506: Incorrect security UI in Web App Installs

* CVE-2021-30507: Inappropriate implementation in Offline

* CVE-2021-30508: Heap buffer overflow in Media Feeds

* CVE-2021-30509: Out of bounds write in Tab Strip

* CVE-2021-30510: Race in Aura

* CVE-2021-30511: Out of bounds read in Tab Group

* CVE-2021-30512: Use after free in Notifications

* CVE-2021-30513: Type Confusion in V8

* CVE-2021-30514: Use after free in Autofill

* CVE-2021-30515: Use after free in File API

* CVE-2021-30516: Heap buffer overflow in History

* CVE-2021-30517: Type Confusion in V8

* CVE-2021-30518: Heap buffer overflow in Reader Mode

* CVE-2021-30519: Use after free in Payments

* CVE-2021-30520: Use after free in Tab Strip

- FTP support disabled at runtime by default since release 88. Chromium 91 will...


Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-762=1

Package List

- openSUSE Leap 15.2 (x86_64):

chromedriver-90.0.4430.212-lp152.2.95.1

chromedriver-debuginfo-90.0.4430.212-lp152.2.95.1

chromium-90.0.4430.212-lp152.2.95.1

chromium-debuginfo-90.0.4430.212-lp152.2.95.1

References

https://www.suse.com/security/cve/CVE-2021-30506.html

https://www.suse.com/security/cve/CVE-2021-30507.html

https://www.suse.com/security/cve/CVE-2021-30508.html

https://www.suse.com/security/cve/CVE-2021-30509.html

https://www.suse.com/security/cve/CVE-2021-30510.html

https://www.suse.com/security/cve/CVE-2021-30511.html

https://www.suse.com/security/cve/CVE-2021-30512.html

https://www.suse.com/security/cve/CVE-2021-30513.html

https://www.suse.com/security/cve/CVE-2021-30514.html

https://www.suse.com/security/cve/CVE-2021-30515.html

https://www.suse.com/security/cve/CVE-2021-30516.html

https://www.suse.com/security/cve/CVE-2021-30517.html

https://www.suse.com/security/cve/CVE-2021-30518.html

https://www.suse.com/security/cve/CVE-2021-30519.html

https://www.suse.com/security/cve/CVE-2021-30520.html

https://bugzilla.suse.com/1185496

https://bugzilla.suse.com/1185716

https://bugzilla.suse.com/1185908

Severity: important

Announcement ID: openSUSE-SU-2021:0762-1
Rating: important
Affected Products: openSUSE Leap 15.2
