SUSE Package Hub - openSUSE-2020-233

Update Info

openSUSE-2020-233

Security update for chromium, re2

Type: security

Severity: important

Issued: 2020-02-19

Description:

This update for chromium, re2 fixes the following issues:

- Update to 80.0.3987.87 boo#1162833:
  * CVE-2020-6381: Integer overflow in JavaScript
  * CVE-2020-6382: Type Confusion in JavaScript
  * CVE-2019-18197: Multiple vulnerabilities in XML
  * CVE-2019-19926: Inappropriate implementation in SQLite
  * CVE-2020-6385: Insufficient policy enforcement in storage
  * CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
  * CVE-2020-6387: Out of bounds write in WebRTC
  * CVE-2020-6388: Out of bounds memory access in WebAudio
  * CVE-2020-6389: Out of bounds write in WebRTC
  * CVE-2020-6390: Out of bounds memory access in streams
  * CVE-2020-6391: Insufficient validation of untrusted input in Blink
  * CVE-2020-6392: Insufficient policy enforcement in extensions
  * CVE-2020-6393: Insufficient policy enforcement in Blink
  * CVE-2020-6394: Insufficient policy enforcement in Blink
  * CVE-2020-6395: Out of bounds read in JavaScript
  * CVE-2020-6396: Inappropriate implementation in Skia
  * CVE-2020-6397: Incorrect security UI in sharing
  * CVE-2020-6398: Uninitialized use in PDFium
  * CVE-2020-6399: Insufficient policy enforcement in AppCache
  * CVE-2020-6400: Inappropriate implementation in CORS
  * CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6402: Insufficient policy enforcement in downloads
  * CVE-2020-6403: Incorrect security UI in Omnibox
  * CVE-2020-6404: Inappropriate implementation in Blink
  * CVE-2020-6405: Out of bounds read in SQLite
  * CVE-2020-6406: Use after free in audio
  * CVE-2019-19923: Out of bounds memory access in SQLite
  * CVE-2020-6408: Insufficient policy enforcement in CORS
  * CVE-2020-6409: Inappropriate implementation in Omnibox
  * CVE-2020-6410: Insufficient policy enforcement in navigation
  * CVE-2020-6411: Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6412: Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6413: Inappropriate implementation in Blink
  * CVE-2020-6414: Insufficient policy enforcement in Safe Browsing
  * CVE-2020-6415: Inappropriate implementation in JavaScript
  * CVE-2020-6416: Insufficient data validation in streams
  * CVE-2020-6417: Inappropriate implementation in installer

re2 was updated to fix:

Update to 2020-01-01:

* various developer visible changes

Update to 2019-12-01:

* fix latent bugs and undefined behavior

Update to 2019-11-01:

* new benchmark API

Update to 2019-09-01:

* build system fixes

Update to 2019-08-01:

* Update Unicode data to 12.1.0
* Various developer visible changes

Update to 2019-07-01:

* developer visible changes

References

CVE: CVE-2020-6417
CVE: CVE-2020-6416
CVE: CVE-2020-6415
CVE: CVE-2020-6414
CVE: CVE-2020-6413
CVE: CVE-2020-6412
CVE: CVE-2020-6411
CVE: CVE-2020-6410
CVE: CVE-2020-6409
CVE: CVE-2020-6408
CVE: CVE-2020-6406
CVE: CVE-2020-6405
CVE: CVE-2020-6404
CVE: CVE-2020-6403
CVE: CVE-2020-6402
CVE: CVE-2020-6401
CVE: CVE-2020-6400
CVE: CVE-2020-6399
CVE: CVE-2020-6398
CVE: CVE-2020-6397
CVE: CVE-2020-6396
CVE: CVE-2020-6395
CVE: CVE-2020-6394
CVE: CVE-2020-6393
CVE: CVE-2020-6392
CVE: CVE-2020-6391
CVE: CVE-2020-6390
CVE: CVE-2020-6389
CVE: CVE-2020-6388
CVE: CVE-2020-6387
CVE: CVE-2020-6385
CVE: CVE-2020-6382
CVE: CVE-2020-6381
CVE: CVE-2019-19926
CVE: CVE-2019-19925
CVE: CVE-2019-19923
CVE: CVE-2019-19880
CVE: CVE-2019-18197
Bugzilla: 1162833 VUL-0: chromium: update to 80.0.3987.87

Packages

chromium-80.0.3987.87-31.1