openSUSE Security Update: Security update for chromium, gn ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1829-1 Rating: important References: #1177408 #1177936 #1178375 Cross-References: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-6557 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes 39 vulnerabilities is now available. Description: This update for chromium, gn fixes the following issues: chromium was updated to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. - chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and 15.2 - Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone else than me) - Fix cookiemonster: Update to 86.0.4240.75 boo#1177408: * CVE-2020-15967: Use after free in payments. * CVE-2020-15968: Use after free in Blink. * CVE-2020-15969: Use after free in WebRTC. * CVE-2020-15970: Use after free in NFC. * CVE-2020-15971: Use after free in printing. * CVE-2020-15972: Use after free in audio. * CVE-2020-15990: Use after free in autofill. * CVE-2020-15991: Use after free in password manager. * CVE-2020-15973: Insufficient policy enforcement in extensions. * CVE-2020-15974: Integer overflow in Blink. * CVE-2020-15975: Integer overflow in SwiftShader. * CVE-2020-15976: Use after free in WebXR. * CVE-2020-6557: Inappropriate implementation in networking. * CVE-2020-15977: Insufficient data validation in dialogs. * CVE-2020-15978: Insufficient data validation in navigation. * CVE-2020-15979: Inappropriate implementation in V8. * CVE-2020-15980: Insufficient policy enforcement in Intents. * CVE-2020-15981: Out of bounds read in audio. * CVE-2020-15982: Side-channel information leakage in cache. * CVE-2020-15983: Insufficient data validation in webUI. * CVE-2020-15984: Insufficient policy enforcement in Omnibox. * CVE-2020-15985: Inappropriate implementation in Blink. * CVE-2020-15986: Integer overflow in media. * CVE-2020-15987: Use after free in WebRTC. * CVE-2020-15992: Insufficient policy enforcement in networking. * CVE-2020-15988: Insufficient policy enforcement in downloads. * CVE-2020-15989: Uninitialized Use in PDFium. - Update to 0.1807: * no upstream changelog Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1829=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): gn-0.1807-bp152.2.3.4 gn-debuginfo-0.1807-bp152.2.3.4 gn-debugsource-0.1807-bp152.2.3.4 - openSUSE Backports SLE-15-SP2 (aarch64 x86_64): chromedriver-86.0.4240.183-bp152.2.26.1 chromium-86.0.4240.183-bp152.2.26.1 References: https://www.suse.com/security/cve/CVE-2020-15967.html https://www.suse.com/security/cve/CVE-2020-15968.html https://www.suse.com/security/cve/CVE-2020-15969.html https://www.suse.com/security/cve/CVE-2020-15970.html https://www.suse.com/security/cve/CVE-2020-15971.html https://www.suse.com/security/cve/CVE-2020-15972.html https://www.suse.com/security/cve/CVE-2020-15973.html https://www.suse.com/security/cve/CVE-2020-15974.html https://www.suse.com/security/cve/CVE-2020-15975.html https://www.suse.com/security/cve/CVE-2020-15976.html https://www.suse.com/security/cve/CVE-2020-15977.html https://www.suse.com/security/cve/CVE-2020-15978.html https://www.suse.com/security/cve/CVE-2020-15979.html https://www.suse.com/security/cve/CVE-2020-15980.html https://www.suse.com/security/cve/CVE-2020-15981.html https://www.suse.com/security/cve/CVE-2020-15982.html https://www.suse.com/security/cve/CVE-2020-15983.html https://www.suse.com/security/cve/CVE-2020-15984.html https://www.suse.com/security/cve/CVE-2020-15985.html https://www.suse.com/security/cve/CVE-2020-15986.html https://www.suse.com/security/cve/CVE-2020-15987.html https://www.suse.com/security/cve/CVE-2020-15988.html https://www.suse.com/security/cve/CVE-2020-15989.html https://www.suse.com/security/cve/CVE-2020-15990.html https://www.suse.com/security/cve/CVE-2020-15991.html https://www.suse.com/security/cve/CVE-2020-15992.html https://www.suse.com/security/cve/CVE-2020-15999.html https://www.suse.com/security/cve/CVE-2020-16000.html https://www.suse.com/security/cve/CVE-2020-16001.html https://www.suse.com/security/cve/CVE-2020-16002.html https://www.suse.com/security/cve/CVE-2020-16003.html https://www.suse.com/security/cve/CVE-2020-16004.html https://www.suse.com/security/cve/CVE-2020-16005.html https://www.suse.com/security/cve/CVE-2020-16006.html https://www.suse.com/security/cve/CVE-2020-16007.html https://www.suse.com/security/cve/CVE-2020-16008.html https://www.suse.com/security/cve/CVE-2020-16009.html https://www.suse.com/security/cve/CVE-2020-16011.html https://www.suse.com/security/cve/CVE-2020-6557.html https://bugzilla.suse.com/1177408 https://bugzilla.suse.com/1177936 https://bugzilla.suse.com/1178375 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org