openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2012-1 Rating: important References: #1178923 Cross-References: CVE-2019-8075 CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-2012=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 x86_64): chromedriver-87.0.4280.66-bp152.2.32.1 chromium-87.0.4280.66-bp152.2.32.1 References: https://www.suse.com/security/cve/CVE-2019-8075.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-16014.html https://www.suse.com/security/cve/CVE-2020-16015.html https://www.suse.com/security/cve/CVE-2020-16018.html https://www.suse.com/security/cve/CVE-2020-16019.html https://www.suse.com/security/cve/CVE-2020-16020.html https://www.suse.com/security/cve/CVE-2020-16021.html https://www.suse.com/security/cve/CVE-2020-16022.html https://www.suse.com/security/cve/CVE-2020-16023.html https://www.suse.com/security/cve/CVE-2020-16024.html https://www.suse.com/security/cve/CVE-2020-16025.html https://www.suse.com/security/cve/CVE-2020-16026.html https://www.suse.com/security/cve/CVE-2020-16027.html https://www.suse.com/security/cve/CVE-2020-16028.html https://www.suse.com/security/cve/CVE-2020-16029.html https://www.suse.com/security/cve/CVE-2020-16030.html https://www.suse.com/security/cve/CVE-2020-16031.html https://www.suse.com/security/cve/CVE-2020-16032.html https://www.suse.com/security/cve/CVE-2020-16033.html https://www.suse.com/security/cve/CVE-2020-16034.html https://www.suse.com/security/cve/CVE-2020-16035.html https://www.suse.com/security/cve/CVE-2020-16036.html https://bugzilla.suse.com/1178923