Sigurnosni nedostaci programskih paketa chromium i gn

Preporuke

by - 5. studenoga 2020.0

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LSU

openSUSE Security Update: Security update for chromium, gn
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1829-1
Rating: important
References: #1177408 #1177936 #1178375
Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969
CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984
CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990
CVE-2020-15991 CVE-2020-15992 CVE-2020-15999
CVE-2020-16000 CVE-2020-16001 CVE-2020-16002
CVE-2020-16003 CVE-2020-16004 CVE-2020-16005
CVE-2020-16006 CVE-2020-16007 CVE-2020-16008
CVE-2020-16009 CVE-2020-16011 CVE-2020-6557

Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that fixes 39 vulnerabilities is now available.

Description:

This update for chromium, gn fixes the following issues:

chromium was updated to 86.0.4240.183 boo#1178375

– CVE-2020-16004: Use after free in user interface.
– CVE-2020-16005: Insufficient policy enforcement in ANGLE.
– CVE-2020-16006: Inappropriate implementation in V8
– CVE-2020-16007: Insufficient data validation in installer.
– CVE-2020-16008: Stack buffer overflow in WebRTC.
– CVE-2020-16009: Inappropriate implementation in V8.
– CVE-2020-16011: Heap buffer overflow in UI on Windows.

Update to 86.0.4240.111 boo#1177936

– CVE-2020-16000: Inappropriate implementation in Blink.
– CVE-2020-16001: Use after free in media.
– CVE-2020-16002: Use after free in PDFium.
– CVE-2020-15999: Heap buffer overflow in Freetype.
– CVE-2020-16003: Use after free in printing.

– chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and
15.2

– Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone
else than me)

– Fix cookiemonster:

Update to 86.0.4240.75 boo#1177408:

* CVE-2020-15967: Use after free in payments.
* CVE-2020-15968: Use after free in Blink.
* CVE-2020-15969: Use after free in WebRTC.
* CVE-2020-15970: Use after free in NFC.
* CVE-2020-15971: Use after free in printing.
* CVE-2020-15972: Use after free in audio.
* CVE-2020-15990: Use after free in autofill.
* CVE-2020-15991: Use after free in password manager.
* CVE-2020-15973: Insufficient policy enforcement in extensions.
* CVE-2020-15974: Integer overflow in Blink.
* CVE-2020-15975: Integer overflow in SwiftShader.
* CVE-2020-15976: Use after free in WebXR.
* CVE-2020-6557: Inappropriate implementation in networking.
* CVE-2020-15977: Insufficient data validation in dialogs.
* CVE-2020-15978: Insufficient data validation in navigation.
* CVE-2020-15979: Inappropriate implementation in V8.
* CVE-2020-15980: Insufficient policy enforcement in Intents.
* CVE-2020-15981: Out of bounds read in audio.
* CVE-2020-15982: Side-channel information leakage in cache.
* CVE-2020-15983: Insufficient data validation in webUI.
* CVE-2020-15984: Insufficient policy enforcement in Omnibox.
* CVE-2020-15985: Inappropriate implementation in Blink.
* CVE-2020-15986: Integer overflow in media.
* CVE-2020-15987: Use after free in WebRTC.
* CVE-2020-15992: Insufficient policy enforcement in networking.
* CVE-2020-15988: Insufficient policy enforcement in downloads.
* CVE-2020-15989: Uninitialized Use in PDFium.

– Update to 0.1807:

* no upstream changelog

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1829=1

Package List:

– openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

gn-0.1807-bp152.2.3.4
gn-debuginfo-0.1807-bp152.2.3.4
gn-debugsource-0.1807-bp152.2.3.4

– openSUSE Backports SLE-15-SP2 (aarch64 x86_64):

chromedriver-86.0.4240.183-bp152.2.26.1
chromium-86.0.4240.183-bp152.2.26.1

References:

https://www.suse.com/security/cve/CVE-2020-15967.html
https://www.suse.com/security/cve/CVE-2020-15968.html
https://www.suse.com/security/cve/CVE-2020-15969.html
https://www.suse.com/security/cve/CVE-2020-15970.html
https://www.suse.com/security/cve/CVE-2020-15971.html
https://www.suse.com/security/cve/CVE-2020-15972.html
https://www.suse.com/security/cve/CVE-2020-15973.html
https://www.suse.com/security/cve/CVE-2020-15974.html
https://www.suse.com/security/cve/CVE-2020-15975.html
https://www.suse.com/security/cve/CVE-2020-15976.html
https://www.suse.com/security/cve/CVE-2020-15977.html
https://www.suse.com/security/cve/CVE-2020-15978.html
https://www.suse.com/security/cve/CVE-2020-15979.html
https://www.suse.com/security/cve/CVE-2020-15980.html
https://www.suse.com/security/cve/CVE-2020-15981.html
https://www.suse.com/security/cve/CVE-2020-15982.html
https://www.suse.com/security/cve/CVE-2020-15983.html
https://www.suse.com/security/cve/CVE-2020-15984.html
https://www.suse.com/security/cve/CVE-2020-15985.html
https://www.suse.com/security/cve/CVE-2020-15986.html
https://www.suse.com/security/cve/CVE-2020-15987.html
https://www.suse.com/security/cve/CVE-2020-15988.html
https://www.suse.com/security/cve/CVE-2020-15989.html
https://www.suse.com/security/cve/CVE-2020-15990.html
https://www.suse.com/security/cve/CVE-2020-15991.html
https://www.suse.com/security/cve/CVE-2020-15992.html
https://www.suse.com/security/cve/CVE-2020-15999.html
https://www.suse.com/security/cve/CVE-2020-16000.html
https://www.suse.com/security/cve/CVE-2020-16001.html
https://www.suse.com/security/cve/CVE-2020-16002.html
https://www.suse.com/security/cve/CVE-2020-16003.html
https://www.suse.com/security/cve/CVE-2020-16004.html
https://www.suse.com/security/cve/CVE-2020-16005.html
https://www.suse.com/security/cve/CVE-2020-16006.html
https://www.suse.com/security/cve/CVE-2020-16007.html
https://www.suse.com/security/cve/CVE-2020-16008.html
https://www.suse.com/security/cve/CVE-2020-16009.html
https://www.suse.com/security/cve/CVE-2020-16011.html
https://www.suse.com/security/cve/CVE-2020-6557.html
https://bugzilla.suse.com/1177408
https://protect2.fireeye.com/v1/url?k=04806731-5b1c7d2f-0487fafd-000babd90757-f6adba7178a41a98&q=1&e=fdd3f164-dc67-470a-8ec3-f9aa08a494e2&u=https%3A%2F%2Fbugzilla.suse.com%2F1177936
https://protect2.fireeye.com/v1/url?k=e1ac28ec-be3032f2-e1abb520-000babd90757-cc379f8144df299e&q=1&e=fdd3f164-dc67-470a-8ec3-f9aa08a494e2&u=https%3A%2F%2Fbugzilla.suse.com%2F1178375

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Autor	Dona Seruga
Cert id	NCERT-REF-2020-11-0001-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	Adobe

Sigurnosni nedostaci programskih paketa chromium i gn

Archives

More in Preporuke

Sigurnosni nedostatak programske biblioteke libX11