openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0823-1
Rating:             important
References:         #1170107 #1171910 #1171975 #1172496 
Cross-References:   CVE-2020-6463 CVE-2020-6465 CVE-2020-6466
                    CVE-2020-6467 CVE-2020-6468 CVE-2020-6469
                    CVE-2020-6470 CVE-2020-6471 CVE-2020-6472
                    CVE-2020-6473 CVE-2020-6474 CVE-2020-6475
                    CVE-2020-6476 CVE-2020-6477 CVE-2020-6478
                    CVE-2020-6479 CVE-2020-6480 CVE-2020-6481
                    CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
                    CVE-2020-6485 CVE-2020-6486 CVE-2020-6487
                    CVE-2020-6488 CVE-2020-6489 CVE-2020-6490
                    CVE-2020-6491 CVE-2020-6493 CVE-2020-6494
                    CVE-2020-6495 CVE-2020-6496
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that fixes 32 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496):

   * CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975).
   * CVE-2020-6465: Use after free in reader mode. Reported by Woojin
     Oh(@pwn_expoit) of STEALIEN on 2020-04-21
   * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc
     of Qihoo 360 on 2020-04-26
   * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on
     2020-04-06
   * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake
     Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
   * CVE-2020-6469: Insufficient policy enforcement in developer tools.
     Reported by David Erceg on 2020-04-02
   * CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
     Reported by Michał Bentkowski of Securitum on 2020-03-30
   * CVE-2020-6471: Insufficient policy enforcement in developer tools.
     Reported by David Erceg on 2020-03-08
   * CVE-2020-6472: Insufficient policy enforcement in developer tools.
     Reported by David Erceg on 2020-03-25
   * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by
     Soroush Karami and Panagiotis Ilia on 2020-02-06
   * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc
     of Qihoo 360 on 2020-03-07
   * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil
     Zhani on 2019-10-31
   * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by
     Alexandre Le Borgne on 2019-12-18
   * CVE-2020-6477: Inappropriate implementation in installer. Reported by
     RACK911 Labs on 2019-03-26
   * CVE-2020-6478: Inappropriate implementation in full screen. Reported by
     Khalil Zhani on 2019-12-24
   * CVE-2020-6479: Inappropriate implementation in sharing. Reported by
     Zhong Zhaochen of andsecurity.cn on 2020-01-14
   * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported
     by Marvin Witt on 2020-02-21
   * CVE-2020-6481: Insufficient policy enforcement in URL formatting.
     Reported by Rayyan Bijoora on 2020-04-07
   * CVE-2020-6482: Insufficient policy enforcement in developer tools.
     Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
   * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by
     Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
   * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by
     Artem Zinenko on 2020-01-26
   * CVE-2020-6485: Insufficient data validation in media router. Reported by
     Sergei Glazunov of Google Project Zero on 2020-01-30
   * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported
     by David Erceg on 2020-02-24
   * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by
     Jun Kokatsu (@shhnjk) on 2015-10-06
   * CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by
     David Erceg on 2020-01-21
   * CVE-2020-6489: Inappropriate implementation in developer tools. Reported
     by @lovasoa (Ophir LOJKINE) on 2020-02-10
   * CVE-2020-6490: Insufficient data validation in loader. Reported by
     Twitter on 2019-12-19
   * CVE-2020-6491: Incorrect security UI in site information. Reported by
     Sultan Haikal M.A on 2020-02-07
   * CVE-2020-6493: Use after free in WebAuthentication.
   * CVE-2020-6494: Incorrect security UI in payments.
   * CVE-2020-6495: Insufficient policy enforcement in developer tools.
   * CVE-2020-6496: Use after free in payments.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2020-823=1



Package List:

   - openSUSE Leap 15.1 (x86_64):

      chromedriver-83.0.4103.97-lp151.2.96.1
      chromedriver-debuginfo-83.0.4103.97-lp151.2.96.1
      chromium-83.0.4103.97-lp151.2.96.1
      chromium-debuginfo-83.0.4103.97-lp151.2.96.1
      chromium-debugsource-83.0.4103.97-lp151.2.96.1


References:

   https://www.suse.com/security/cve/CVE-2020-6463.html
   https://www.suse.com/security/cve/CVE-2020-6465.html
   https://www.suse.com/security/cve/CVE-2020-6466.html
   https://www.suse.com/security/cve/CVE-2020-6467.html
   https://www.suse.com/security/cve/CVE-2020-6468.html
   https://www.suse.com/security/cve/CVE-2020-6469.html
   https://www.suse.com/security/cve/CVE-2020-6470.html
   https://www.suse.com/security/cve/CVE-2020-6471.html
   https://www.suse.com/security/cve/CVE-2020-6472.html
   https://www.suse.com/security/cve/CVE-2020-6473.html
   https://www.suse.com/security/cve/CVE-2020-6474.html
   https://www.suse.com/security/cve/CVE-2020-6475.html
   https://www.suse.com/security/cve/CVE-2020-6476.html
   https://www.suse.com/security/cve/CVE-2020-6477.html
   https://www.suse.com/security/cve/CVE-2020-6478.html
   https://www.suse.com/security/cve/CVE-2020-6479.html
   https://www.suse.com/security/cve/CVE-2020-6480.html
   https://www.suse.com/security/cve/CVE-2020-6481.html
   https://www.suse.com/security/cve/CVE-2020-6482.html
   https://www.suse.com/security/cve/CVE-2020-6483.html
   https://www.suse.com/security/cve/CVE-2020-6484.html
   https://www.suse.com/security/cve/CVE-2020-6485.html
   https://www.suse.com/security/cve/CVE-2020-6486.html
   https://www.suse.com/security/cve/CVE-2020-6487.html
   https://www.suse.com/security/cve/CVE-2020-6488.html
   https://www.suse.com/security/cve/CVE-2020-6489.html
   https://www.suse.com/security/cve/CVE-2020-6490.html
   https://www.suse.com/security/cve/CVE-2020-6491.html
   https://www.suse.com/security/cve/CVE-2020-6493.html
   https://www.suse.com/security/cve/CVE-2020-6494.html
   https://www.suse.com/security/cve/CVE-2020-6495.html
   https://www.suse.com/security/cve/CVE-2020-6496.html
   https://bugzilla.suse.com/1170107
   https://bugzilla.suse.com/1171910
   https://bugzilla.suse.com/1171975
   https://bugzilla.suse.com/1172496

--

openSUSE: 2020:0823-1: important: chromium

June 17, 2020
An update that fixes 32 vulnerabilities is now available.

Description

This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496): * CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975). * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21 * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26 * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06 * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30 * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02 * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30 * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reporte...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-823=1


Package List

- openSUSE Leap 15.1 (x86_64): chromedriver-83.0.4103.97-lp151.2.96.1 chromedriver-debuginfo-83.0.4103.97-lp151.2.96.1 chromium-83.0.4103.97-lp151.2.96.1 chromium-debuginfo-83.0.4103.97-lp151.2.96.1 chromium-debugsource-83.0.4103.97-lp151.2.96.1


References

https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6465.html https://www.suse.com/security/cve/CVE-2020-6466.html https://www.suse.com/security/cve/CVE-2020-6467.html https://www.suse.com/security/cve/CVE-2020-6468.html https://www.suse.com/security/cve/CVE-2020-6469.html https://www.suse.com/security/cve/CVE-2020-6470.html https://www.suse.com/security/cve/CVE-2020-6471.html https://www.suse.com/security/cve/CVE-2020-6472.html https://www.suse.com/security/cve/CVE-2020-6473.html https://www.suse.com/security/cve/CVE-2020-6474.html https://www.suse.com/security/cve/CVE-2020-6475.html https://www.suse.com/security/cve/CVE-2020-6476.html https://www.suse.com/security/cve/CVE-2020-6477.html https://www.suse.com/security/cve/CVE-2020-6478.html https://www.suse.com/security/cve/CVE-2020-6479.html https://www.suse.com/security/cve/CVE-2020-6480.html https://www.suse.com/security/cve/CVE-2020-6481.html https://www.suse.com/security/cve/CVE-2020-6482.html https://www.suse.com/security/cve/CVE-2020-6483.html https://www.suse.com/security/cve/CVE-2020-6484.html https://www.suse.com/security/cve/CVE-2020-6485.html https://www.suse.com/security/cve/CVE-2020-6486.html https://www.suse.com/security/cve/CVE-2020-6487.html https://www.suse.com/security/cve/CVE-2020-6488.html https://www.suse.com/security/cve/CVE-2020-6489.html https://www.suse.com/security/cve/CVE-2020-6490.html https://www.suse.com/security/cve/CVE-2020-6491.html https://www.suse.com/security/cve/CVE-2020-6493.html https://www.suse.com/security/cve/CVE-2020-6494.html https://www.suse.com/security/cve/CVE-2020-6495.html https://www.suse.com/security/cve/CVE-2020-6496.html https://bugzilla.suse.com/1170107 https://bugzilla.suse.com/1171910 https://bugzilla.suse.com/1171975 https://bugzilla.suse.com/1172496--


Severity
Announcement ID: openSUSE-SU-2020:0823-1
Rating: important
Affected Products: openSUSE Leap 15.1

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved