openSUSE-SU-2020:1705-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1705-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:1705-1
Related
Published
2020-10-22T05:51:33Z
Modified
2020-10-22T05:51:33Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

-chromium was updated to 86.0.4240.75 (boo#1177408): - CVE-2020-15967: Fixed Use after free in payments. - CVE-2020-15968: Fixed Use after free in Blink. - CVE-2020-15969: Fixed Use after free in WebRTC. - CVE-2020-15970: Fixed Use after free in NFC. - CVE-2020-15971: Fixed Use after free in printing. - CVE-2020-15972: Fixed Use after free in audio. - CVE-2020-15990: Fixed Use after free in autofill. - CVE-2020-15991: Fixed Use after free in password manager. - CVE-2020-15973: Fixed Insufficient policy enforcement in extensions. - CVE-2020-15974: Fixed Integer overflow in Blink. - CVE-2020-15975: Fixed Integer overflow in SwiftShader. - CVE-2020-15976: Fixed Use after free in WebXR. - CVE-2020-6557: Fixed Inappropriate implementation in networking. - CVE-2020-15977: Fixed Insufficient data validation in dialogs. - CVE-2020-15978: Fixed Insufficient data validation in navigation. - CVE-2020-15979: Fixed Inappropriate implementation in V8. - CVE-2020-15980: Fixed Insufficient policy enforcement in Intents. - CVE-2020-15981: Fixed Out of bounds read in audio. - CVE-2020-15982: Fixed Side-channel information leakage in cache. - CVE-2020-15983: Fixed Insufficient data validation in webUI. - CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox. - CVE-2020-15985: Fixed Inappropriate implementation in Blink. - CVE-2020-15986: Fixed Integer overflow in media. - CVE-2020-15987: Fixed Use after free in WebRTC. - CVE-2020-15992: Fixed Insufficient policy enforcement in networking. - CVE-2020-15988: Fixed Insufficient policy enforcement in downloads. - CVE-2020-15989: Fixed Uninitialized Use in PDFium.

References

Affected packages

openSUSE:Leap 15.1 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
86.0.4240.75-lp152.2.39.1

Ecosystem specific

{
    "binaries": [
        {
            "gn": "0.1807-lp152.2.3.1",
            "chromedriver": "86.0.4240.75-lp152.2.39.1",
            "chromium": "86.0.4240.75-lp152.2.39.1"
        }
    ]
}

openSUSE:Leap 15.1 / gn

Package

Name
gn
Purl
purl:rpm/suse/gn&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1807-lp152.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "gn": "0.1807-lp152.2.3.1",
            "chromedriver": "86.0.4240.75-lp152.2.39.1",
            "chromium": "86.0.4240.75-lp152.2.39.1"
        }
    ]
}

openSUSE:Leap 15.2 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
86.0.4240.75-lp152.2.39.1

Ecosystem specific

{
    "binaries": [
        {
            "gn": "0.1807-lp152.2.3.1",
            "chromedriver": "86.0.4240.75-lp152.2.39.1",
            "chromium": "86.0.4240.75-lp152.2.39.1"
        }
    ]
}

openSUSE:Leap 15.2 / gn

Package

Name
gn
Purl
purl:rpm/suse/gn&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1807-lp152.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "gn": "0.1807-lp152.2.3.1",
            "chromedriver": "86.0.4240.75-lp152.2.39.1",
            "chromium": "86.0.4240.75-lp152.2.39.1"
        }
    ]
}