openSUSE-SU-2019:1815-1

Опубликовано: 30 июл. 2019

Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium to version 75.0.3770.142 fixes the following issues:

Security issue fixed:

CVE-2019-5847: V8 sealed/frozen elements cause crash (boo#1141649).
CVE-2019-5848: Font sizes may expose sensitive information (boo#1141649).
CVE-2018-20073: Fixed information leaks of URL metadata nad passwords via extended filesystem attributes (boo#1120892).

Non-security fix:

Fixed a segfault on startup (boo#1141102).

Список пакетов

SUSE Package Hub 12 SP3

chromedriver-75.0.3770.142-bp150.217.1

chromium-75.0.3770.142-bp150.217.1

SUSE Package Hub 15

chromedriver-75.0.3770.142-bp150.217.1

chromium-75.0.3770.142-bp150.217.1

openSUSE Leap 15.0

chromedriver-75.0.3770.142-bp150.217.1

chromium-75.0.3770.142-bp150.217.1

openSUSE Leap 15.1

chromedriver-75.0.3770.142-bp150.217.1

chromium-75.0.3770.142-bp150.217.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QBUTQGT5EGYXQFXUPYOVOED4F3CGE2MV/#QBUTQGT5EGYXQFXUPYOVOED4F3CGE2MV
E-Mail link for openSUSE-SU-2019:1815-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120892
SUSE Bug 1120892
https://bugzilla.suse.com/1141102
SUSE Bug 1141102
https://bugzilla.suse.com/1141649
SUSE Bug 1141649
https://www.suse.com/security/cve/CVE-2018-20073/
SUSE CVE CVE-2018-20073 page
https://www.suse.com/security/cve/CVE-2019-5847/
SUSE CVE CVE-2019-5847 page
https://www.suse.com/security/cve/CVE-2019-5848/
SUSE CVE CVE-2019-5848 page

Описание

Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

Затронутые продукты

SUSE Package Hub 12 SP3:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 12 SP3:chromium-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromium-75.0.3770.142-bp150.217.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20073.html
CVE-2018-20073
https://bugzilla.suse.com/1120892
SUSE Bug 1120892

Описание

Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты

SUSE Package Hub 12 SP3:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 12 SP3:chromium-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromium-75.0.3770.142-bp150.217.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5847.html
CVE-2019-5847
https://bugzilla.suse.com/1141649
SUSE Bug 1141649

Описание

Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Затронутые продукты

SUSE Package Hub 12 SP3:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 12 SP3:chromium-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromedriver-75.0.3770.142-bp150.217.1

SUSE Package Hub 15:chromium-75.0.3770.142-bp150.217.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5848.html
CVE-2019-5848
https://bugzilla.suse.com/1141649
SUSE Bug 1141649

openSUSE-SU-2019:1815-1

Описание

Список пакетов

SUSE Package Hub 12 SP3

SUSE Package Hub 15

openSUSE Leap 15.0

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2018-20073

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5847

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5848

Описание

Затронутые продукты

Ссылки