openSUSE-SU-2019:2424-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2424-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:2424-1
Related
Published
2019-11-02T20:24:39Z
Modified
2019-11-02T20:24:39Z
Summary
Security update for chromium, re2
Details

This update for chromium, re2 fixes the following issues:

Chromium was updated to 78.0.3904.70 boo#1154806:

  • CVE-2019-13699: Use-after-free in media
  • CVE-2019-13700: Buffer overrun in Blink
  • CVE-2019-13701: URL spoof in navigation
  • CVE-2019-13702: Privilege elevation in Installer
  • CVE-2019-13703: URL bar spoofing
  • CVE-2019-13704: CSP bypass
  • CVE-2019-13705: Extension permission bypass
  • CVE-2019-13706: Out-of-bounds read in PDFium
  • CVE-2019-13707: File storage disclosure
  • CVE-2019-13708: HTTP authentication spoof
  • CVE-2019-13709: File download protection bypass
  • CVE-2019-13710: File download protection bypass
  • CVE-2019-13711: Cross-context information leak
  • CVE-2019-15903: Buffer overflow in expat
  • CVE-2019-13713: Cross-origin data leak
  • CVE-2019-13714: CSS injection
  • CVE-2019-13715: Address bar spoofing
  • CVE-2019-13716: Service worker state error
  • CVE-2019-13717: Notification obscured
  • CVE-2019-13718: IDN spoof
  • CVE-2019-13719: Notification obscured

  • Various fixes from internal audits, fuzzing and other initiatives

  • Use internal resources for icon and appdata

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

Affected packages

SUSE:Package Hub 15 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.0.3904.70-bp150.240.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-bp150.25.1",
            "chromedriver": "78.0.3904.70-bp150.240.1",
            "chromium": "78.0.3904.70-bp150.240.1",
            "libre2-0-64bit": "20190901-bp150.25.1",
            "libre2-0": "20190901-bp150.25.1"
        }
    ]
}

SUSE:Package Hub 15 / re2

Package

Name
re2
Purl
purl:rpm/suse/re2&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20190901-bp150.25.1

Ecosystem specific 

{
    "binaries": [
        {
            "re2-devel": "20190901-bp150.25.1",
            "chromedriver": "78.0.3904.70-bp150.240.1",
            "chromium": "78.0.3904.70-bp150.240.1",
            "libre2-0-64bit": "20190901-bp150.25.1",
            "libre2-0": "20190901-bp150.25.1"
        }
    ]
}