SUSE: OPENSUSE-SU-2020:0233-1
Feb 19, 2020 - 12:00 a.m.

Security update for chromium, re2 (important)

2020-02-19 00:00:00
lists.opensuse.org

EPSS: 0.192 (percentile 96.4%)

An update that fixes 38 vulnerabilities is now available.

Description:

This update for chromium, re2 fixes the following issues:

  • Update to 80.0.3987.87 boo#1162833:
    • CVE-2020-6381: Integer overflow in JavaScript
    • CVE-2020-6382: Type Confusion in JavaScript
    • CVE-2019-18197: Multiple vulnerabilities in XML
    • CVE-2019-19926: Inappropriate implementation in SQLite
    • CVE-2020-6385: Insufficient policy enforcement in storage
    • CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
    • CVE-2020-6387: Out of bounds write in WebRTC
    • CVE-2020-6388: Out of bounds memory access in WebAudio
    • CVE-2020-6389: Out of bounds write in WebRTC
    • CVE-2020-6390: Out of bounds memory access in streams
    • CVE-2020-6391: Insufficient validation of untrusted input in Blink
    • CVE-2020-6392: Insufficient policy enforcement in extensions
    • CVE-2020-6393: Insufficient policy enforcement in Blink
    • CVE-2020-6394: Insufficient policy enforcement in Blink
    • CVE-2020-6395: Out of bounds read in JavaScript
    • CVE-2020-6396: Inappropriate implementation in Skia
    • CVE-2020-6397: Incorrect security UI in sharing
    • CVE-2020-6398: Uninitialized use in PDFium
    • CVE-2020-6399: Insufficient policy enforcement in AppCache
    • CVE-2020-6400: Inappropriate implementation in CORS
    • CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
    • CVE-2020-6402: Insufficient policy enforcement in downloads
    • CVE-2020-6403: Incorrect security UI in Omnibox
    • CVE-2020-6404: Inappropriate implementation in Blink
    • CVE-2020-6405: Out of bounds read in SQLite
    • CVE-2020-6406: Use after free in audio
    • CVE-2019-19923: Out of bounds memory access in SQLite
    • CVE-2020-6408: Insufficient policy enforcement in CORS
    • CVE-2020-6409: Inappropriate implementation in Omnibox
    • CVE-2020-6410: Insufficient policy enforcement in navigation
    • CVE-2020-6411: Insufficient validation of untrusted input in Omnibox
    • CVE-2020-6412: Insufficient validation of untrusted input in Omnibox
    • CVE-2020-6413: Inappropriate implementation in Blink
    • CVE-2020-6414: Insufficient policy enforcement in Safe Browsing
    • CVE-2020-6415: Inappropriate implementation in JavaScript
    • CVE-2020-6416: Insufficient data validation in streams
    • CVE-2020-6417: Inappropriate implementation in installer

re2 was updated to fix:

Update to 2020-01-01:

  • various developer visible changes

Update to 2019-12-01:

  • fix latent bugs and undefined behavior

Update to 2019-11-01:

  • new benchmark API

Update to 2019-09-01:

  • build system fixes

Update to 2019-08-01:

  • Update Unicode data to 12.1.0
  • Various developer visible changes

Update to 2019-07-01:

  • developer visible changes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2020-233=1
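
After patching, the installed chromium version can be compared against the fixed build 80.0.3987.87 named in this advisory. The script below is an added example, not part of the advisory; the function names, the --local switch and the "host version" inventory format are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): flag hosts whose chromium is older
# than the fixed build. Only FIXED_VERSION comes from the advisory; function
# names and the "host version" inventory format are assumptions.
FIXED_VERSION="80.0.3987.87"

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if a field is not numeric.
# Fields are compared as integers, so 80.0.3987.9 sorts below 80.0.3987.87.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        case "$fa$fb" in *[!0-9]*) return 2 ;; esac
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# chromium_status VERSION: prints patched, vulnerable or unknown.
chromium_status() {
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo patched ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# audit_inventory: reads "host version" lines on stdin, prints every host
# that is not confirmed patched, one "host status version" line each.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        st=$(chromium_status "${ver:-missing}")
        [ "$st" = patched ] || echo "$host $st ${ver:-missing}"
    done
    return 0
}

# On an openSUSE/SLE host, pass --local to check the installed package.
if [ "${1:-}" = "--local" ]; then
    v=$(rpm -q --qf '%{VERSION}' chromium) && echo "chromium $v: $(chromium_status "$v")"
fi
```

A host with no version recorded is reported as unknown rather than silently treated as patched, so gaps in the inventory surface in the audit output.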