
Security vulnerabilities in the chromium software package

  • OS details: WN7
  • Severity: URG
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1715-1
Rating: critical
References: #1177408
Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984
CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990
CVE-2020-15991 CVE-2020-15992 CVE-2020-6557

Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

– chromium was updated to 86.0.4240.75 (boo#1177408):
– CVE-2020-15967: Fixed Use after free in payments.
– CVE-2020-15968: Fixed Use after free in Blink.
– CVE-2020-15969: Fixed Use after free in WebRTC.
– CVE-2020-15970: Fixed Use after free in NFC.
– CVE-2020-15971: Fixed Use after free in printing.
– CVE-2020-15972: Fixed Use after free in audio.
– CVE-2020-15990: Fixed Use after free in autofill.
– CVE-2020-15991: Fixed Use after free in password manager.
– CVE-2020-15973: Fixed Insufficient policy enforcement in extensions.
– CVE-2020-15974: Fixed Integer overflow in Blink.
– CVE-2020-15975: Fixed Integer overflow in SwiftShader.
– CVE-2020-15976: Fixed Use after free in WebXR.
– CVE-2020-6557: Fixed Inappropriate implementation in networking.
– CVE-2020-15977: Fixed Insufficient data validation in dialogs.
– CVE-2020-15978: Fixed Insufficient data validation in navigation.
– CVE-2020-15979: Fixed Inappropriate implementation in V8.
– CVE-2020-15980: Fixed Insufficient policy enforcement in Intents.
– CVE-2020-15981: Fixed Out of bounds read in audio.
– CVE-2020-15982: Fixed Side-channel information leakage in cache.
– CVE-2020-15983: Fixed Insufficient data validation in webUI.
– CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox.
– CVE-2020-15985: Fixed Inappropriate implementation in Blink.
– CVE-2020-15986: Fixed Integer overflow in media.
– CVE-2020-15987: Fixed Use after free in WebRTC.
– CVE-2020-15992: Fixed Insufficient policy enforcement in networking.
– CVE-2020-15988: Fixed Insufficient policy enforcement in downloads.
– CVE-2020-15989: Fixed Uninitialized Use in PDFium.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1715=1

Package List:

– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

gn-0.1807-bp151.3.6.1
gn-debuginfo-0.1807-bp151.3.6.1
gn-debugsource-0.1807-bp151.3.6.1

– openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.75-bp151.3.113.1
chromium-86.0.4240.75-bp151.3.113.1

References:

https://www.suse.com/security/cve/CVE-2020-15967.html
https://www.suse.com/security/cve/CVE-2020-15968.html
https://www.suse.com/security/cve/CVE-2020-15969.html
https://www.suse.com/security/cve/CVE-2020-15970.html
https://www.suse.com/security/cve/CVE-2020-15971.html
https://www.suse.com/security/cve/CVE-2020-15972.html
https://www.suse.com/security/cve/CVE-2020-15973.html
https://www.suse.com/security/cve/CVE-2020-15974.html
https://www.suse.com/security/cve/CVE-2020-15975.html
https://www.suse.com/security/cve/CVE-2020-15976.html
https://www.suse.com/security/cve/CVE-2020-15977.html
https://www.suse.com/security/cve/CVE-2020-15978.html
https://www.suse.com/security/cve/CVE-2020-15979.html
https://www.suse.com/security/cve/CVE-2020-15980.html
https://www.suse.com/security/cve/CVE-2020-15981.html
https://www.suse.com/security/cve/CVE-2020-15982.html
https://www.suse.com/security/cve/CVE-2020-15983.html
https://www.suse.com/security/cve/CVE-2020-15984.html
https://www.suse.com/security/cve/CVE-2020-15985.html
https://www.suse.com/security/cve/CVE-2020-15986.html
https://www.suse.com/security/cve/CVE-2020-15987.html
https://www.suse.com/security/cve/CVE-2020-15988.html
https://www.suse.com/security/cve/CVE-2020-15989.html
https://www.suse.com/security/cve/CVE-2020-15990.html
https://www.suse.com/security/cve/CVE-2020-15991.html
https://www.suse.com/security/cve/CVE-2020-15992.html
https://www.suse.com/security/cve/CVE-2020-6557.html
https://bugzilla.suse.com/1177408


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1718-1
Rating: important
References: #1177936
Cross-References: CVE-2020-15999 CVE-2020-16000 CVE-2020-16001
CVE-2020-16002 CVE-2020-16003
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

– Update to 86.0.4240.111 boo#1177936
– CVE-2020-16000: Inappropriate implementation in Blink.
– CVE-2020-16001: Use after free in media.
– CVE-2020-16002: Use after free in PDFium.
– CVE-2020-15999: Heap buffer overflow in Freetype.
– CVE-2020-16003: Use after free in printing.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1718=1

Package List:

– openSUSE Leap 15.1 (x86_64):

chromedriver-86.0.4240.111-lp151.2.147.1
chromedriver-debuginfo-86.0.4240.111-lp151.2.147.1
chromium-86.0.4240.111-lp151.2.147.1
chromium-debuginfo-86.0.4240.111-lp151.2.147.1

References:

https://www.suse.com/security/cve/CVE-2020-15999.html
https://www.suse.com/security/cve/CVE-2020-16000.html
https://www.suse.com/security/cve/CVE-2020-16001.html
https://www.suse.com/security/cve/CVE-2020-16002.html
https://www.suse.com/security/cve/CVE-2020-16003.html
https://bugzilla.suse.com/1177936



openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1731-1
Rating: important
References: #1177936
Cross-References: CVE-2020-15999 CVE-2020-16000 CVE-2020-16001
CVE-2020-16002 CVE-2020-16003
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

– Update to 86.0.4240.111 boo#1177936
– CVE-2020-16000: Inappropriate implementation in Blink.
– CVE-2020-16001: Use after free in media.
– CVE-2020-16002: Use after free in PDFium.
– CVE-2020-15999: Heap buffer overflow in Freetype.
– CVE-2020-16003: Use after free in printing.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1731=1

Package List:

– openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.111-bp151.3.116.1
chromium-86.0.4240.111-bp151.3.116.1

References:

https://www.suse.com/security/cve/CVE-2020-15999.html
https://www.suse.com/security/cve/CVE-2020-16000.html
https://www.suse.com/security/cve/CVE-2020-16001.html
https://www.suse.com/security/cve/CVE-2020-16002.html
https://www.suse.com/security/cve/CVE-2020-16003.html
https://bugzilla.suse.com/1177936



openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1737-1
Rating: important
References: #1177936
Cross-References: CVE-2020-15999 CVE-2020-16000 CVE-2020-16001
CVE-2020-16002 CVE-2020-16003
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

– Update to 86.0.4240.111 boo#1177936
– CVE-2020-16000: Inappropriate implementation in Blink.
– CVE-2020-16001: Use after free in media.
– CVE-2020-16002: Use after free in PDFium.
– CVE-2020-15999: Heap buffer overflow in Freetype.
– CVE-2020-16003: Use after free in printing.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1737=1

Package List:

– openSUSE Leap 15.2 (x86_64):

chromedriver-86.0.4240.111-lp152.2.42.1
chromedriver-debuginfo-86.0.4240.111-lp152.2.42.1
chromium-86.0.4240.111-lp152.2.42.1
chromium-debuginfo-86.0.4240.111-lp152.2.42.1

References:

https://www.suse.com/security/cve/CVE-2020-15999.html
https://www.suse.com/security/cve/CVE-2020-16000.html
https://www.suse.com/security/cve/CVE-2020-16001.html
https://www.suse.com/security/cve/CVE-2020-16002.html
https://www.suse.com/security/cve/CVE-2020-16003.html
https://bugzilla.suse.com/1177936



Author: Bruno Varga
CERT ID: NCERT-REF-2020-10-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe