openSUSE-SU-2019:2420-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2420-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:2420-1
Related
Published
2019-11-01T20:24:26Z
Modified
2019-11-01T20:24:26Z
Summary
Security update for chromium, re2
Details

This update for chromium, re2 fixes the following issues:

Chromium was updated to 78.0.3904.70 boo#1154806:

  • CVE-2019-13699: Use-after-free in media
  • CVE-2019-13700: Buffer overrun in Blink
  • CVE-2019-13701: URL spoof in navigation
  • CVE-2019-13702: Privilege elevation in Installer
  • CVE-2019-13703: URL bar spoofing
  • CVE-2019-13704: CSP bypass
  • CVE-2019-13705: Extension permission bypass
  • CVE-2019-13706: Out-of-bounds read in PDFium
  • CVE-2019-13707: File storage disclosure
  • CVE-2019-13708: HTTP authentication spoof
  • CVE-2019-13709: File download protection bypass
  • CVE-2019-13710: File download protection bypass
  • CVE-2019-13711: Cross-context information leak
  • CVE-2019-15903: Buffer overflow in expat
  • CVE-2019-13713: Cross-origin data leak
  • CVE-2019-13714: CSS injection
  • CVE-2019-13715: Address bar spoofing
  • CVE-2019-13716: Service worker state error
  • CVE-2019-13717: Notification obscured
  • CVE-2019-13718: IDN spoof
  • CVE-2019-13719: Notification obscured

  • Various fixes from internal audits, fuzzing and other initiatives

  • Use internal resources for icon and appdata

References

Affected packages

openSUSE:Leap 15.0 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.0.3904.70-lp151.2.39.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-lp151.10.3.1",
            "libre2-0-32bit": "20190901-lp151.10.3.1",
            "chromedriver": "78.0.3904.70-lp151.2.39.1",
            "chromium": "78.0.3904.70-lp151.2.39.1",
            "libre2-0": "20190901-lp151.10.3.1"
        }
    ]
}

openSUSE:Leap 15.0 / re2

Package

Name
re2
Purl
purl:rpm/suse/re2&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20190901-lp151.10.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-lp151.10.3.1",
            "libre2-0-32bit": "20190901-lp151.10.3.1",
            "chromedriver": "78.0.3904.70-lp151.2.39.1",
            "chromium": "78.0.3904.70-lp151.2.39.1",
            "libre2-0": "20190901-lp151.10.3.1"
        }
    ]
}

openSUSE:Leap 15.1 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.0.3904.70-lp151.2.39.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-lp151.10.3.1",
            "libre2-0-32bit": "20190901-lp151.10.3.1",
            "chromedriver": "78.0.3904.70-lp151.2.39.1",
            "chromium": "78.0.3904.70-lp151.2.39.1",
            "libre2-0": "20190901-lp151.10.3.1"
        }
    ]
}

openSUSE:Leap 15.1 / re2

Package

Name
re2
Purl
purl:rpm/suse/re2&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20190901-lp151.10.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-lp151.10.3.1",
            "libre2-0-32bit": "20190901-lp151.10.3.1",
            "chromedriver": "78.0.3904.70-lp151.2.39.1",
            "chromium": "78.0.3904.70-lp151.2.39.1",
            "libre2-0": "20190901-lp151.10.3.1"
        }
    ]
}