SuseOPENSUSE-SU-2020:1705-1Security update for chromium (critical)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
An update that fixes 27 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
-chromium was updated to 86.0.4240.75 (boo#1177408):
- CVE-2020-15967: Fixed Use after free in payments.
- CVE-2020-15968: Fixed Use after free in Blink.
- CVE-2020-15969: Fixed Use after free in WebRTC.
- CVE-2020-15970: Fixed Use after free in NFC.
- CVE-2020-15971: Fixed Use after free in printing.
- CVE-2020-15972: Fixed Use after free in audio.
- CVE-2020-15990: Fixed Use after free in autofill.
- CVE-2020-15991: Fixed Use after free in password manager.
- CVE-2020-15973: Fixed Insufficient policy enforcement in extensions.
- CVE-2020-15974: Fixed Integer overflow in Blink.
- CVE-2020-15975: Fixed Integer overflow in SwiftShader.
- CVE-2020-15976: Fixed Use after free in WebXR.
- CVE-2020-6557: Fixed Inappropriate implementation in networking.
- CVE-2020-15977: Fixed Insufficient data validation in dialogs.
- CVE-2020-15978: Fixed Insufficient data validation in navigation.
- CVE-2020-15979: Fixed Inappropriate implementation in V8.
- CVE-2020-15980: Fixed Insufficient policy enforcement in Intents.
- CVE-2020-15981: Fixed Out of bounds read in audio.
- CVE-2020-15982: Fixed Side-channel information leakage in cache.
- CVE-2020-15983: Fixed Insufficient data validation in webUI.
- CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Fixed Inappropriate implementation in Blink.
- CVE-2020-15986: Fixed Integer overflow in media.
- CVE-2020-15987: Fixed Use after free in WebRTC.
- CVE-2020-15992: Fixed Insufficient policy enforcement in networking.
- CVE-2020-15988: Fixed Insufficient policy enforcement in downloads.
- CVE-2020-15989: Fixed Uninitialized Use in PDFium.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or βzypper patchβ.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1705=1
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1705=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.2 | x86_64 | <Β - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.1 | x86_64 | <Β - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P