You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium

Sigurnosni nedostaci programskog paketa chromium

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1937-1
Rating: important
References: #1178375
Cross-References: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006
CVE-2020-16007 CVE-2020-16008 CVE-2020-16009
CVE-2020-16011
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

– Update to 86.0.4240.183 boo#1178375
– CVE-2020-16004: Use after free in user interface.
– CVE-2020-16005: Insufficient policy enforcement in ANGLE.
– CVE-2020-16006: Inappropriate implementation in V8
– CVE-2020-16007: Insufficient data validation in installer.
– CVE-2020-16008: Stack buffer overflow in WebRTC.
– CVE-2020-16009: Inappropriate implementation in V8.
– CVE-2020-16011: Heap buffer overflow in UI on Windows.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1937=1

Package List:

– openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.183-bp151.3.125.1
chromium-86.0.4240.183-bp151.3.125.1

References:

https://www.suse.com/security/cve/CVE-2020-16004.html
https://www.suse.com/security/cve/CVE-2020-16005.html
https://www.suse.com/security/cve/CVE-2020-16006.html
https://www.suse.com/security/cve/CVE-2020-16007.html
https://www.suse.com/security/cve/CVE-2020-16008.html
https://www.suse.com/security/cve/CVE-2020-16009.html
https://www.suse.com/security/cve/CVE-2020-16011.html
https://bugzilla.suse.com/1178375
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1929-1
Rating: important
References: #1178630 #1178703
Cross-References: CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Update to 86.0.4240.198 (boo#1178703)

– CVE-2020-16013: Inappropriate implementation in V8
– CVE-2020-16017: Use after free in site isolation

Update to 86.0.4240.193 (boo#1178630)

– CVE-2020-16016: Inappropriate implementation in base.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1929=1

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1929=1

– openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1929=1

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1929=1

Package List:

– openSUSE Leap 15.2 (x86_64):

chromedriver-86.0.4240.198-lp152.2.48.1
chromedriver-debuginfo-86.0.4240.198-lp152.2.48.1
chromium-86.0.4240.198-lp152.2.48.1
chromium-debuginfo-86.0.4240.198-lp152.2.48.1

– openSUSE Leap 15.1 (x86_64):

chromedriver-86.0.4240.198-lp151.2.153.1
chromedriver-debuginfo-86.0.4240.198-lp151.2.153.1
chromium-86.0.4240.198-lp151.2.153.1
chromium-debuginfo-86.0.4240.198-lp151.2.153.1

– openSUSE Backports SLE-15-SP2 (aarch64 x86_64):

chromedriver-86.0.4240.198-bp152.2.29.1
chromedriver-debuginfo-86.0.4240.198-bp152.2.29.1
chromium-86.0.4240.198-bp152.2.29.1
chromium-debuginfo-86.0.4240.198-bp152.2.29.1

– openSUSE Backports SLE-15-SP1 (aarch64 x86_64):

chromedriver-86.0.4240.198-bp151.3.122.1
chromium-86.0.4240.198-bp151.3.122.1

References:

https://www.suse.com/security/cve/CVE-2020-16013.html
https://www.suse.com/security/cve/CVE-2020-16016.html
https://www.suse.com/security/cve/CVE-2020-16017.html
https://bugzilla.suse.com/1178630
https://bugzilla.suse.com/1178703
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava openSUSE. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog...

Close