SUSE 5179 Published by

Updated Chromium packages are available for SUSE Linux Enterprise 12



openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2447-1
Rating: important
References: #1143492 #1144625 #1145242 #1146219 #1149143 #1150425 #1151229 #1153660 #1154806 #1155643
Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-15903 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________

An update that fixes 86 vulnerabilities is now available.
Description:

This update for chromium fixes the following issues:

Chromium was updated to 78.0.3904.87:
(boo#1155643,boo#1154806,boo#1153660,
boo#1151229,boo#1149143,boo#1145242,boo#1143492)

Security issues fixed with this version update:

* CVE-2019-13721: Use-after-free in PDFium
* CVE-2019-13720: Use-after-free in audio
* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
* CVE-2019-13715: Address bar spoofing
* CVE-2019-13716: Service worker state error
* CVE-2019-13717: Notification obscured
* CVE-2019-13718: IDN spoof
* CVE-2019-13719: Notification obscured
* CVE-2019-13693: Use-after-free in IndexedDB
* CVE-2019-13694: Use-after-free in WebRTC
* CVE-2019-13695: Use-after-free in audio
* CVE-2019-13696: Use-after-free in V8
* CVE-2019-13697: Cross-origin size leak.
* CVE-2019-13685: Use-after-free in UI
* CVE-2019-13688: Use-after-free in media
* CVE-2019-13687: Use-after-free in media
* CVE-2019-13686: Use-after-free in offline pages
* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers * CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy * CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass * CVE-2019-13666: Side channel using storage size estimate * CVE-2019-13667: URI bar spoof when using external app URIs * CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools * CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash * CVE-2019-13676: Google URI shown for certificate warning * CVE-2019-13677: Chrome web store origin needs to be isolated * CVE-2019-13678: Download dialog spoofing
* CVE-2019-13679: User gesture needed for printing
* CVE-2019-13680: IP address spoofing to servers
* CVE-2019-13681: Bypass on download restrictions
* CVE-2019-13682: Site isolation bypass
* CVE-2019-13683: Exceptions leaked by devtools
* CVE-2019-5869: Use-after-free in Blink
* CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction * CVE-2019-5867: Out-of-bounds read in V8
* CVE-2019-5850: Use-after-free in offline page fetcher * CVE-2019-5860: Use-after-free in PDFium
* CVE-2019-5853: Memory corruption in regexp length check * CVE-2019-5851: Use-after-poison in offline audio context * CVE-2019-5859: res: URIs can load alternative browsers * CVE-2019-5856: Insufficient checks on filesystem: URI permissions * CVE-2019-5855: Integer overflow in PDFium
* CVE-2019-5865: Site isolation bypass from compromised renderer * CVE-2019-5858: Insufficient filtering of Open URL service parameters * CVE-2019-5864: Insufficient port filtering in CORS for extensions * CVE-2019-5862: AppCache not robust to compromised renderers * CVE-2019-5861: Click location incorrectly checked
* CVE-2019-5857: Comparison of -0 and null yields crash * CVE-2019-5854: Integer overflow in PDFium text rendering * CVE-2019-5852: Object leak of utility functions

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-2447=1


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 x86_64):
chromedriver-78.0.3904.87-10.1
chromium-78.0.3904.87-10.1

References:

https://www.suse.com/security/cve/CVE-2019-13659.html
https://www.suse.com/security/cve/CVE-2019-13660.html
https://www.suse.com/security/cve/CVE-2019-13661.html
https://www.suse.com/security/cve/CVE-2019-13662.html
https://www.suse.com/security/cve/CVE-2019-13663.html
https://www.suse.com/security/cve/CVE-2019-13664.html
https://www.suse.com/security/cve/CVE-2019-13665.html
https://www.suse.com/security/cve/CVE-2019-13666.html
https://www.suse.com/security/cve/CVE-2019-13667.html
https://www.suse.com/security/cve/CVE-2019-13668.html
https://www.suse.com/security/cve/CVE-2019-13669.html
https://www.suse.com/security/cve/CVE-2019-13670.html
https://www.suse.com/security/cve/CVE-2019-13671.html
https://www.suse.com/security/cve/CVE-2019-13673.html
https://www.suse.com/security/cve/CVE-2019-13674.html
https://www.suse.com/security/cve/CVE-2019-13675.html
https://www.suse.com/security/cve/CVE-2019-13676.html
https://www.suse.com/security/cve/CVE-2019-13677.html
https://www.suse.com/security/cve/CVE-2019-13678.html
https://www.suse.com/security/cve/CVE-2019-13679.html
https://www.suse.com/security/cve/CVE-2019-13680.html
https://www.suse.com/security/cve/CVE-2019-13681.html
https://www.suse.com/security/cve/CVE-2019-13682.html
https://www.suse.com/security/cve/CVE-2019-13683.html
https://www.suse.com/security/cve/CVE-2019-13685.html
https://www.suse.com/security/cve/CVE-2019-13686.html
https://www.suse.com/security/cve/CVE-2019-13687.html
https://www.suse.com/security/cve/CVE-2019-13688.html
https://www.suse.com/security/cve/CVE-2019-13693.html
https://www.suse.com/security/cve/CVE-2019-13694.html
https://www.suse.com/security/cve/CVE-2019-13695.html
https://www.suse.com/security/cve/CVE-2019-13696.html
https://www.suse.com/security/cve/CVE-2019-13697.html
https://www.suse.com/security/cve/CVE-2019-13699.html
https://www.suse.com/security/cve/CVE-2019-13700.html
https://www.suse.com/security/cve/CVE-2019-13701.html
https://www.suse.com/security/cve/CVE-2019-13702.html
https://www.suse.com/security/cve/CVE-2019-13703.html
https://www.suse.com/security/cve/CVE-2019-13704.html
https://www.suse.com/security/cve/CVE-2019-13705.html
https://www.suse.com/security/cve/CVE-2019-13706.html
https://www.suse.com/security/cve/CVE-2019-13707.html
https://www.suse.com/security/cve/CVE-2019-13708.html
https://www.suse.com/security/cve/CVE-2019-13709.html
https://www.suse.com/security/cve/CVE-2019-13710.html
https://www.suse.com/security/cve/CVE-2019-13711.html
https://www.suse.com/security/cve/CVE-2019-13713.html
https://www.suse.com/security/cve/CVE-2019-13714.html
https://www.suse.com/security/cve/CVE-2019-13715.html
https://www.suse.com/security/cve/CVE-2019-13716.html
https://www.suse.com/security/cve/CVE-2019-13717.html
https://www.suse.com/security/cve/CVE-2019-13718.html
https://www.suse.com/security/cve/CVE-2019-13719.html
https://www.suse.com/security/cve/CVE-2019-13720.html
https://www.suse.com/security/cve/CVE-2019-13721.html
https://www.suse.com/security/cve/CVE-2019-15903.html
https://www.suse.com/security/cve/CVE-2019-5850.html
https://www.suse.com/security/cve/CVE-2019-5851.html
https://www.suse.com/security/cve/CVE-2019-5852.html
https://www.suse.com/security/cve/CVE-2019-5853.html
https://www.suse.com/security/cve/CVE-2019-5854.html
https://www.suse.com/security/cve/CVE-2019-5855.html
https://www.suse.com/security/cve/CVE-2019-5856.html
https://www.suse.com/security/cve/CVE-2019-5857.html
https://www.suse.com/security/cve/CVE-2019-5858.html
https://www.suse.com/security/cve/CVE-2019-5859.html
https://www.suse.com/security/cve/CVE-2019-5860.html
https://www.suse.com/security/cve/CVE-2019-5861.html
https://www.suse.com/security/cve/CVE-2019-5862.html
https://www.suse.com/security/cve/CVE-2019-5863.html
https://www.suse.com/security/cve/CVE-2019-5864.html
https://www.suse.com/security/cve/CVE-2019-5865.html
https://www.suse.com/security/cve/CVE-2019-5867.html
https://www.suse.com/security/cve/CVE-2019-5868.html
https://www.suse.com/security/cve/CVE-2019-5869.html
https://www.suse.com/security/cve/CVE-2019-5870.html
https://www.suse.com/security/cve/CVE-2019-5871.html
https://www.suse.com/security/cve/CVE-2019-5872.html
https://www.suse.com/security/cve/CVE-2019-5874.html
https://www.suse.com/security/cve/CVE-2019-5875.html
https://www.suse.com/security/cve/CVE-2019-5876.html
https://www.suse.com/security/cve/CVE-2019-5877.html
https://www.suse.com/security/cve/CVE-2019-5878.html
https://www.suse.com/security/cve/CVE-2019-5879.html
https://www.suse.com/security/cve/CVE-2019-5880.html
https://www.suse.com/security/cve/CVE-2019-5881.html
https://bugzilla.suse.com/1143492
https://bugzilla.suse.com/1144625
https://bugzilla.suse.com/1145242
https://bugzilla.suse.com/1146219
https://bugzilla.suse.com/1149143
https://bugzilla.suse.com/1150425
https://bugzilla.suse.com/1151229
https://bugzilla.suse.com/1153660
https://bugzilla.suse.com/1154806
https://bugzilla.suse.com/1155643