SUSE 5181 Published by

A chromium security update has been released for openSUSE Leap 15.1 and openSUSE Leap 15.2.



security-announce: openSUSE-SU-2020:1705-1: critical: Security update for chromium


openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1705-1
Rating: critical
References: #1177408
Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984
CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990
CVE-2020-15991 CVE-2020-15992 CVE-2020-6557

Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

-chromium was updated to 86.0.4240.75 (boo#1177408):
- CVE-2020-15967: Fixed Use after free in payments.
- CVE-2020-15968: Fixed Use after free in Blink.
- CVE-2020-15969: Fixed Use after free in WebRTC.
- CVE-2020-15970: Fixed Use after free in NFC.
- CVE-2020-15971: Fixed Use after free in printing.
- CVE-2020-15972: Fixed Use after free in audio.
- CVE-2020-15990: Fixed Use after free in autofill.
- CVE-2020-15991: Fixed Use after free in password manager.
- CVE-2020-15973: Fixed Insufficient policy enforcement in extensions.
- CVE-2020-15974: Fixed Integer overflow in Blink.
- CVE-2020-15975: Fixed Integer overflow in SwiftShader.
- CVE-2020-15976: Fixed Use after free in WebXR.
- CVE-2020-6557: Fixed Inappropriate implementation in networking.
- CVE-2020-15977: Fixed Insufficient data validation in dialogs.
- CVE-2020-15978: Fixed Insufficient data validation in navigation.
- CVE-2020-15979: Fixed Inappropriate implementation in V8.
- CVE-2020-15980: Fixed Insufficient policy enforcement in Intents.
- CVE-2020-15981: Fixed Out of bounds read in audio.
- CVE-2020-15982: Fixed Side-channel information leakage in cache.
- CVE-2020-15983: Fixed Insufficient data validation in webUI.
- CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Fixed Inappropriate implementation in Blink.
- CVE-2020-15986: Fixed Integer overflow in media.
- CVE-2020-15987: Fixed Use after free in WebRTC.
- CVE-2020-15992: Fixed Insufficient policy enforcement in networking.
- CVE-2020-15988: Fixed Insufficient policy enforcement in downloads.
- CVE-2020-15989: Fixed Uninitialized Use in PDFium.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1705=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1705=1


Package List:

- openSUSE Leap 15.2 (x86_64):

chromedriver-86.0.4240.75-lp152.2.39.1
chromedriver-debuginfo-86.0.4240.75-lp152.2.39.1
chromium-86.0.4240.75-lp152.2.39.1
chromium-debuginfo-86.0.4240.75-lp152.2.39.1
gn-0.1807-lp152.2.3.1
gn-debuginfo-0.1807-lp152.2.3.1
gn-debugsource-0.1807-lp152.2.3.1

- openSUSE Leap 15.1 (x86_64):

chromedriver-86.0.4240.75-lp151.2.144.1
chromedriver-debuginfo-86.0.4240.75-lp151.2.144.1
chromium-86.0.4240.75-lp151.2.144.1
chromium-debuginfo-86.0.4240.75-lp151.2.144.1
gn-0.1807-lp151.2.6.1
gn-debuginfo-0.1807-lp151.2.6.1
gn-debugsource-0.1807-lp151.2.6.1

References:

  https://www.suse.com/security/cve/CVE-2020-15967.html
  https://www.suse.com/security/cve/CVE-2020-15968.html
  https://www.suse.com/security/cve/CVE-2020-15969.html
  https://www.suse.com/security/cve/CVE-2020-15970.html
  https://www.suse.com/security/cve/CVE-2020-15971.html
  https://www.suse.com/security/cve/CVE-2020-15972.html
  https://www.suse.com/security/cve/CVE-2020-15973.html
  https://www.suse.com/security/cve/CVE-2020-15974.html
  https://www.suse.com/security/cve/CVE-2020-15975.html
  https://www.suse.com/security/cve/CVE-2020-15976.html
  https://www.suse.com/security/cve/CVE-2020-15977.html
  https://www.suse.com/security/cve/CVE-2020-15978.html
  https://www.suse.com/security/cve/CVE-2020-15979.html
  https://www.suse.com/security/cve/CVE-2020-15980.html
  https://www.suse.com/security/cve/CVE-2020-15981.html
  https://www.suse.com/security/cve/CVE-2020-15982.html
  https://www.suse.com/security/cve/CVE-2020-15983.html
  https://www.suse.com/security/cve/CVE-2020-15984.html
  https://www.suse.com/security/cve/CVE-2020-15985.html
  https://www.suse.com/security/cve/CVE-2020-15986.html
  https://www.suse.com/security/cve/CVE-2020-15987.html
  https://www.suse.com/security/cve/CVE-2020-15988.html
  https://www.suse.com/security/cve/CVE-2020-15989.html
  https://www.suse.com/security/cve/CVE-2020-15990.html
  https://www.suse.com/security/cve/CVE-2020-15991.html
  https://www.suse.com/security/cve/CVE-2020-15992.html
  https://www.suse.com/security/cve/CVE-2020-6557.html
  https://bugzilla.suse.com/1177408