openSUSE: 2022:10120-1 important: chromium | LinuxSecurity.com

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10120-1
Rating:             important
References:         #1202403 #1202964 #1203102 
Cross-References:   CVE-2022-3038 CVE-2022-3039 CVE-2022-3040
                    CVE-2022-3041 CVE-2022-3042 CVE-2022-3043
                    CVE-2022-3044 CVE-2022-3045 CVE-2022-3046
                    CVE-2022-3047 CVE-2022-3048 CVE-2022-3049
                    CVE-2022-3050 CVE-2022-3051 CVE-2022-3052
                    CVE-2022-3053 CVE-2022-3054 CVE-2022-3055
                    CVE-2022-3056 CVE-2022-3057 CVE-2022-3058
                    CVE-2022-3071 CVE-2022-3075
Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes 23 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Chromium 105.0.5195.102 (boo#1203102):

   * CVE-2022-3075: Insufficient data validation in Mojo

   Chromium 105.0.5195.52 (boo#1202964):

   * CVE-2022-3038: Use after free in Network Service
   * CVE-2022-3039: Use after free in WebSQL
   * CVE-2022-3040: Use after free in Layout
   * CVE-2022-3041: Use after free in WebSQL
   * CVE-2022-3042: Use after free in PhoneHub
   * CVE-2022-3043: Heap buffer overflow in Screen Capture
   * CVE-2022-3044: Inappropriate implementation in Site Isolation
   * CVE-2022-3045: Insufficient validation of untrusted input in V8
   * CVE-2022-3046: Use after free in Browser Tag
   * CVE-2022-3071: Use after free in Tab Strip
   * CVE-2022-3047: Insufficient policy enforcement in Extensions API
   * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
   * CVE-2022-3049: Use after free in SplitScreen
   * CVE-2022-3050: Heap buffer overflow in WebUI
   * CVE-2022-3051: Heap buffer overflow in Exosphere
   * CVE-2022-3052: Heap buffer overflow in Window Manager
   * CVE-2022-3053: Inappropriate implementation in Pointer Lock
   * CVE-2022-3054: Insufficient policy enforcement in DevTools
   * CVE-2022-3055: Use after free in Passwords
   * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
   * CVE-2022-3057: Inappropriate implementation in iframe Sandbox
   * CVE-2022-3058: Use after free in Sign-In Flow

   - Update chromium-symbolic.svg: this fixes boo#1202403.
   - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-10120=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):

      chromedriver-105.0.5195.102-bp153.2.119.1
      chromium-105.0.5195.102-bp153.2.119.1


References:

   https://www.suse.com/security/cve/CVE-2022-3038.html
   https://www.suse.com/security/cve/CVE-2022-3039.html
   https://www.suse.com/security/cve/CVE-2022-3040.html
   https://www.suse.com/security/cve/CVE-2022-3041.html
   https://www.suse.com/security/cve/CVE-2022-3042.html
   https://www.suse.com/security/cve/CVE-2022-3043.html
   https://www.suse.com/security/cve/CVE-2022-3044.html
   https://www.suse.com/security/cve/CVE-2022-3045.html
   https://www.suse.com/security/cve/CVE-2022-3046.html
   https://www.suse.com/security/cve/CVE-2022-3047.html
   https://www.suse.com/security/cve/CVE-2022-3048.html
   https://www.suse.com/security/cve/CVE-2022-3049.html
   https://www.suse.com/security/cve/CVE-2022-3050.html
   https://www.suse.com/security/cve/CVE-2022-3051.html
   https://www.suse.com/security/cve/CVE-2022-3052.html
   https://www.suse.com/security/cve/CVE-2022-3053.html
   https://www.suse.com/security/cve/CVE-2022-3054.html
   https://www.suse.com/security/cve/CVE-2022-3055.html
   https://www.suse.com/security/cve/CVE-2022-3056.html
   https://www.suse.com/security/cve/CVE-2022-3057.html
   https://www.suse.com/security/cve/CVE-2022-3058.html
   https://www.suse.com/security/cve/CVE-2022-3071.html
   https://www.suse.com/security/cve/CVE-2022-3075.html
   https://bugzilla.suse.com/1202403
   https://bugzilla.suse.com/1202964
   https://bugzilla.suse.com/1203102

openSUSE: 2022:10120-1 important: chromium

September 12, 2022
An update that fixes 23 vulnerabilities is now available

Description

This update for chromium fixes the following issues: Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Update chromium-symbolic.svg: this fixes boo#1202403. - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH

 

Patch

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10120=1

Package List

- openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-105.0.5195.102-bp153.2.119.1 chromium-105.0.5195.102-bp153.2.119.1

References

https://www.suse.com/security/cve/CVE-2022-3038.html https://www.suse.com/security/cve/CVE-2022-3039.html https://www.suse.com/security/cve/CVE-2022-3040.html https://www.suse.com/security/cve/CVE-2022-3041.html https://www.suse.com/security/cve/CVE-2022-3042.html https://www.suse.com/security/cve/CVE-2022-3043.html https://www.suse.com/security/cve/CVE-2022-3044.html https://www.suse.com/security/cve/CVE-2022-3045.html https://www.suse.com/security/cve/CVE-2022-3046.html https://www.suse.com/security/cve/CVE-2022-3047.html https://www.suse.com/security/cve/CVE-2022-3048.html https://www.suse.com/security/cve/CVE-2022-3049.html https://www.suse.com/security/cve/CVE-2022-3050.html https://www.suse.com/security/cve/CVE-2022-3051.html https://www.suse.com/security/cve/CVE-2022-3052.html https://www.suse.com/security/cve/CVE-2022-3053.html https://www.suse.com/security/cve/CVE-2022-3054.html https://www.suse.com/security/cve/CVE-2022-3055.html https://www.suse.com/security/cve/CVE-2022-3056.html https://www.suse.com/security/cve/CVE-2022-3057.html https://www.suse.com/security/cve/CVE-2022-3058.html https://www.suse.com/security/cve/CVE-2022-3071.html https://www.suse.com/security/cve/CVE-2022-3075.html https://bugzilla.suse.com/1202403 https://bugzilla.suse.com/1202964 https://bugzilla.suse.com/1203102

Severity
Announcement ID: openSUSE-SU-2022:10120-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3 .

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.