openSUSE: 2021:1582-1 Important: Chromium Fix for Multiple Threats
opensuse
December 13, 2021
An update that fixes 36 vulnerabilities is now available
Description
This update for chromium fixes the following issues:
- Ensure newer libs and LLVM is used on Leap (boo#1192310)
- Explicitly BuildRequire python3-six.
Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
*...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2021-1582=1
Package List
- openSUSE Backports SLE-15-SP3 (x86_64):
chromedriver-96.0.4664.93-bp153.2.45.2
chromedriver-debuginfo-96.0.4664.93-bp153.2.45.2
chromium-96.0.4664.93-bp153.2.45.2
chromium-debuginfo-96.0.4664.93-bp153.2.45.2
References
https://www.suse.com/security/cve/CVE-2021-38005.html
https://www.suse.com/security/cve/CVE-2021-38006.html
https://www.suse.com/security/cve/CVE-2021-38007.html
https://www.suse.com/security/cve/CVE-2021-38008.html
https://www.suse.com/security/cve/CVE-2021-38009.html
https://www.suse.com/security/cve/CVE-2021-38010.html
https://www.suse.com/security/cve/CVE-2021-38011.html
https://www.suse.com/security/cve/CVE-2021-38012.html
https://www.suse.com/security/cve/CVE-2021-38013.html
https://www.suse.com/security/cve/CVE-2021-38014.html
https://www.suse.com/security/cve/CVE-2021-38015.html
https://www.suse.com/security/cve/CVE-2021-38016.html
https://www.suse.com/security/cve/CVE-2021-38017.html
https://www.suse.com/security/cve/CVE-2021-38018.html
https://www.suse.com/security/cve/CVE-2021-38019.html
https://www.suse.com/security/cve/CVE-2021-38020.html
https://www.suse.com/security/cve/CVE-2021-38021.html
https://www.suse.com/security/cve/CVE-2021-38022.html
https://www.suse.com/security/cve/CVE-2021-405...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:1582-1
Rating: important
Affected Products:
openSUSE Backports SLE-15-SP3
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!