Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-5845 (GCVE-0-2019-5845)
Vulnerability from cvelistv5
Published
2020-01-03 22:35
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out of bounds memory access
Summary
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:09:23.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/915197" }, { "name": "openSUSE-SU-2020:0004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "name": "openSUSE-SU-2020:0006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "name": "openSUSE-SU-2020:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "name": "openSUSE-SU-2020:0053", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "73.0.3683.75", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Out of bounds memory access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T18:06:05", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/915197" }, { "name": "openSUSE-SU-2020:0004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "name": "openSUSE-SU-2020:0006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "name": "openSUSE-SU-2020:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "name": "openSUSE-SU-2020:0053", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "73.0.3683.75" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds memory access" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "name": "https://crbug.com/915197", "refsource": "MISC", "url": "https://crbug.com/915197" }, { "name": "openSUSE-SU-2020:0004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "name": "openSUSE-SU-2020:0006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "name": "openSUSE-SU-2020:0009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "name": "openSUSE-SU-2020:0053", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5845", "datePublished": "2020-01-03T22:35:25", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-04T20:09:23.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-5845\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2020-01-03T23:15:12.523\",\"lastModified\":\"2024-11-21T04:45:37.823\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Un acceso fuera de l\u00edmites en SwiftShader en Google Chrome versiones anteriores a la versi\u00f3n 73.0.3683.75, permiti\u00f3 a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"73.0.3683.75\",\"matchCriteriaId\":\"EA174888-9FEB-4029-8E0D-D6CFCF1A74F6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/915197\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/915197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
opensuse-su-2020:0004-1
Vulnerability from csaf_opensuse
Published
2020-01-10 05:15
Modified
2020-01-10 05:15
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium version 79.0.3945.117 fixes the following issues:
- CVE-2020-6377: Fixed a use-after-free in audio
- Various fixes from internal audits, fuzzing and other initiatives
Patchnames
openSUSE-2020-4
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for chromium", "title": "Title of the patch" }, { "category": "description", "text": "This update for chromium version 79.0.3945.117 fixes the following issues:\n\n- CVE-2020-6377: Fixed a use-after-free in audio\n- Various fixes from internal audits, fuzzing and other initiatives\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-4", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0004-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0004-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGTAFK7Z5P43QK2XIDCPS3NFDROG5DQG/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0004-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGTAFK7Z5P43QK2XIDCPS3NFDROG5DQG/" }, { "category": "self", "summary": "SUSE Bug 1160337", "url": "https://bugzilla.suse.com/1160337" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5844 page", "url": "https://www.suse.com/security/cve/CVE-2019-5844/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5845 page", "url": "https://www.suse.com/security/cve/CVE-2019-5845/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5846 page", "url": "https://www.suse.com/security/cve/CVE-2019-5846/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-6377 page", "url": "https://www.suse.com/security/cve/CVE-2020-6377/" } ], "title": "Security update for chromium", "tracking": { "current_release_date": "2020-01-10T05:15:04Z", "generator": { "date": "2020-01-10T05:15:04Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0004-1", "initial_release_date": "2020-01-10T05:15:04Z", "revision_history": [ { "date": "2020-01-10T05:15:04Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "product_id": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.41.1.aarch64", "product": { "name": "chromium-79.0.3945.117-bp151.3.41.1.aarch64", "product_id": "chromium-79.0.3945.117-bp151.3.41.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "product_id": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.41.1.x86_64", "product": { "name": "chromium-79.0.3945.117-bp151.3.41.1.x86_64", "product_id": "chromium-79.0.3945.117-bp151.3.41.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 12 SP3", "product": { "name": "SUSE Package Hub 12 SP3", "product_id": "SUSE Package Hub 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:packagehub:12:sp3" } } }, { "category": "product_name", "name": "SUSE Package Hub 15 SP1", "product": { "name": "SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1" } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64 as component of SUSE Package Hub 12 SP3", "product_id": "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64 as component of SUSE Package Hub 12 SP3", "product_id": "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.41.1.aarch64 as component of SUSE Package Hub 12 SP3", "product_id": "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.41.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.41.1.x86_64 as component of SUSE Package Hub 12 SP3", "product_id": "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.41.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.41.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.41.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.41.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.41.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-5844", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5844" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5844", "url": "https://www.suse.com/security/cve/CVE-2019-5844" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5844", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-10T05:15:04Z", "details": "moderate" } ], "title": "CVE-2019-5844" }, { "cve": "CVE-2019-5845", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5845" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5845", "url": "https://www.suse.com/security/cve/CVE-2019-5845" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5845", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-10T05:15:04Z", "details": "moderate" } ], "title": "CVE-2019-5845" }, { "cve": "CVE-2019-5846", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5846" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5846", "url": "https://www.suse.com/security/cve/CVE-2019-5846" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5846", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-10T05:15:04Z", "details": "moderate" } ], "title": "CVE-2019-5846" }, { "cve": "CVE-2020-6377", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-6377" } ], "notes": [ { "category": "general", "text": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-6377", "url": "https://www.suse.com/security/cve/CVE-2020-6377" }, { "category": "external", "summary": "SUSE Bug 1160337 for CVE-2020-6377", "url": "https://bugzilla.suse.com/1160337" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 12 SP3:chromium-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.41.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-10T05:15:04Z", "details": "important" } ], "title": "CVE-2020-6377" } ] }
opensuse-su-2020:0006-1
Vulnerability from csaf_opensuse
Published
2020-01-11 09:16
Modified
2020-01-11 09:16
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium version 79.0.3945.117 fixes the following issues:
- CVE-2020-6377: Fixed a use-after-free in audio
- Various fixes from internal audits, fuzzing and other initiatives
Patchnames
openSUSE-2020-6
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for chromium", "title": "Title of the patch" }, { "category": "description", "text": "This update for chromium version 79.0.3945.117 fixes the following issues:\n\n- CVE-2020-6377: Fixed a use-after-free in audio\n- Various fixes from internal audits, fuzzing and other initiatives\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-6", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0006-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0006-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7QFD6GF3ONRLCIMCW2XENUMJSJLDEHH/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0006-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7QFD6GF3ONRLCIMCW2XENUMJSJLDEHH/" }, { "category": "self", "summary": "SUSE Bug 1160337", "url": "https://bugzilla.suse.com/1160337" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5844 page", "url": "https://www.suse.com/security/cve/CVE-2019-5844/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5845 page", "url": "https://www.suse.com/security/cve/CVE-2019-5845/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5846 page", "url": "https://www.suse.com/security/cve/CVE-2019-5846/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-6377 page", "url": "https://www.suse.com/security/cve/CVE-2020-6377/" } ], "title": "Security update for chromium", "tracking": { "current_release_date": "2020-01-11T09:16:12Z", "generator": { "date": "2020-01-11T09:16:12Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0006-1", "initial_release_date": "2020-01-11T09:16:12Z", "revision_history": [ { "date": "2020-01-11T09:16:12Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libre2-0-20200101-lp151.10.6.1.i586", "product": { "name": "libre2-0-20200101-lp151.10.6.1.i586", "product_id": "libre2-0-20200101-lp151.10.6.1.i586" } }, { "category": "product_version", "name": "re2-devel-20200101-lp151.10.6.1.i586", "product": { "name": "re2-devel-20200101-lp151.10.6.1.i586", "product_id": "re2-devel-20200101-lp151.10.6.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "product": { "name": "chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "product_id": "chromedriver-79.0.3945.117-lp151.2.57.2.x86_64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-lp151.2.57.2.x86_64", "product": { "name": "chromium-79.0.3945.117-lp151.2.57.2.x86_64", "product_id": "chromium-79.0.3945.117-lp151.2.57.2.x86_64" } }, { "category": "product_version", "name": "libre2-0-20200101-lp151.10.6.1.x86_64", "product": { "name": "libre2-0-20200101-lp151.10.6.1.x86_64", "product_id": "libre2-0-20200101-lp151.10.6.1.x86_64" } }, { "category": "product_version", "name": "libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "product": { "name": "libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "product_id": "libre2-0-32bit-20200101-lp151.10.6.1.x86_64" } }, { "category": "product_version", "name": "re2-devel-20200101-lp151.10.6.1.x86_64", "product": { "name": "re2-devel-20200101-lp151.10.6.1.x86_64", "product_id": "re2-devel-20200101-lp151.10.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-lp151.2.57.2.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64" }, "product_reference": "chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-lp151.2.57.2.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64" }, "product_reference": "chromium-79.0.3945.117-lp151.2.57.2.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-lp151.10.6.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586" }, "product_reference": "libre2-0-20200101-lp151.10.6.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-lp151.10.6.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64" }, "product_reference": "libre2-0-20200101-lp151.10.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-32bit-20200101-lp151.10.6.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64" }, "product_reference": "libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-lp151.10.6.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586" }, "product_reference": "re2-devel-20200101-lp151.10.6.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-lp151.10.6.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" }, "product_reference": "re2-devel-20200101-lp151.10.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-5844", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5844" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5844", "url": "https://www.suse.com/security/cve/CVE-2019-5844" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5844", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-11T09:16:12Z", "details": "moderate" } ], "title": "CVE-2019-5844" }, { "cve": "CVE-2019-5845", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5845" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5845", "url": "https://www.suse.com/security/cve/CVE-2019-5845" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5845", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-11T09:16:12Z", "details": "moderate" } ], "title": "CVE-2019-5845" }, { "cve": "CVE-2019-5846", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5846" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5846", "url": "https://www.suse.com/security/cve/CVE-2019-5846" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5846", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-11T09:16:12Z", "details": "moderate" } ], "title": "CVE-2019-5846" }, { "cve": "CVE-2020-6377", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-6377" } ], "notes": [ { "category": "general", "text": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-6377", "url": "https://www.suse.com/security/cve/CVE-2020-6377" }, { "category": "external", "summary": "SUSE Bug 1160337 for CVE-2020-6377", "url": "https://bugzilla.suse.com/1160337" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Leap 15.1:chromedriver-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:chromium-79.0.3945.117-lp151.2.57.2.x86_64", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:libre2-0-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:libre2-0-32bit-20200101-lp151.10.6.1.x86_64", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.i586", "openSUSE Leap 15.1:re2-devel-20200101-lp151.10.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-11T09:16:12Z", "details": "important" } ], "title": "CVE-2020-6377" } ] }
opensuse-su-2020:0053-1
Vulnerability from csaf_opensuse
Published
2020-01-14 13:16
Modified
2020-01-14 13:16
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium version 79.0.3945.117 fixes the following issues:
- CVE-2020-6377: Fixed a use-after-free in audio
- Various fixes from internal audits, fuzzing and other initiatives
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-53
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for chromium", "title": "Title of the patch" }, { "category": "description", "text": "This update for chromium version 79.0.3945.117 fixes the following issues:\n\n- CVE-2020-6377: Fixed a use-after-free in audio\n- Various fixes from internal audits, fuzzing and other initiatives\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-53", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0053-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0053-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DJVDDQTN3TAJZUQRZNCGYR25JLJ5EXMF/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0053-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DJVDDQTN3TAJZUQRZNCGYR25JLJ5EXMF/" }, { "category": "self", "summary": "SUSE Bug 1160337", "url": "https://bugzilla.suse.com/1160337" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5844 page", "url": "https://www.suse.com/security/cve/CVE-2019-5844/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5845 page", "url": "https://www.suse.com/security/cve/CVE-2019-5845/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5846 page", "url": "https://www.suse.com/security/cve/CVE-2019-5846/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-6377 page", "url": "https://www.suse.com/security/cve/CVE-2020-6377/" } ], "title": "Security update for chromium", "tracking": { "current_release_date": "2020-01-14T13:16:26Z", "generator": { "date": "2020-01-14T13:16:26Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0053-1", "initial_release_date": "2020-01-14T13:16:26Z", "revision_history": [ { "date": "2020-01-14T13:16:26Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "product_id": "chromedriver-79.0.3945.117-bp151.3.53.3.aarch64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.53.3.aarch64", "product": { "name": "chromium-79.0.3945.117-bp151.3.53.3.aarch64", "product_id": "chromium-79.0.3945.117-bp151.3.53.3.aarch64" } }, { "category": "product_version", "name": "libre2-0-20200101-bp151.6.12.1.aarch64", "product": { "name": "libre2-0-20200101-bp151.6.12.1.aarch64", "product_id": "libre2-0-20200101-bp151.6.12.1.aarch64" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.12.1.aarch64", "product": { "name": "re2-devel-20200101-bp151.6.12.1.aarch64", "product_id": "re2-devel-20200101-bp151.6.12.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "product": { "name": "libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "product_id": "libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libre2-0-20200101-bp151.6.12.1.ppc64le", "product": { "name": "libre2-0-20200101-bp151.6.12.1.ppc64le", "product_id": "libre2-0-20200101-bp151.6.12.1.ppc64le" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.12.1.ppc64le", "product": { "name": "re2-devel-20200101-bp151.6.12.1.ppc64le", "product_id": "re2-devel-20200101-bp151.6.12.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libre2-0-20200101-bp151.6.12.1.s390x", "product": { "name": "libre2-0-20200101-bp151.6.12.1.s390x", "product_id": "libre2-0-20200101-bp151.6.12.1.s390x" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.12.1.s390x", "product": { "name": "re2-devel-20200101-bp151.6.12.1.s390x", "product_id": "re2-devel-20200101-bp151.6.12.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "product_id": "chromedriver-79.0.3945.117-bp151.3.53.3.x86_64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.53.3.x86_64", "product": { "name": "chromium-79.0.3945.117-bp151.3.53.3.x86_64", "product_id": "chromium-79.0.3945.117-bp151.3.53.3.x86_64" } }, { "category": "product_version", "name": "libre2-0-20200101-bp151.6.12.1.x86_64", "product": { "name": "libre2-0-20200101-bp151.6.12.1.x86_64", "product_id": "libre2-0-20200101-bp151.6.12.1.x86_64" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.12.1.x86_64", "product": { "name": "re2-devel-20200101-bp151.6.12.1.x86_64", "product_id": "re2-devel-20200101-bp151.6.12.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 15 SP1", "product": { "name": "SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1" } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.53.3.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.53.3.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.53.3.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.53.3.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.53.3.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.53.3.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.12.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64" }, "product_reference": "libre2-0-20200101-bp151.6.12.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.12.1.ppc64le as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le" }, "product_reference": "libre2-0-20200101-bp151.6.12.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.12.1.s390x as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x" }, "product_reference": "libre2-0-20200101-bp151.6.12.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.12.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64" }, "product_reference": "libre2-0-20200101-bp151.6.12.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32" }, "product_reference": "libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.12.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64" }, "product_reference": "re2-devel-20200101-bp151.6.12.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.12.1.ppc64le as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le" }, "product_reference": "re2-devel-20200101-bp151.6.12.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.12.1.s390x as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x" }, "product_reference": "re2-devel-20200101-bp151.6.12.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.12.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" }, "product_reference": "re2-devel-20200101-bp151.6.12.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-5844", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5844" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5844", "url": "https://www.suse.com/security/cve/CVE-2019-5844" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5844", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-14T13:16:26Z", "details": "moderate" } ], "title": "CVE-2019-5844" }, { "cve": "CVE-2019-5845", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5845" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5845", "url": "https://www.suse.com/security/cve/CVE-2019-5845" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5845", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-14T13:16:26Z", "details": "moderate" } ], "title": "CVE-2019-5845" }, { "cve": "CVE-2019-5846", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5846" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5846", "url": "https://www.suse.com/security/cve/CVE-2019-5846" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5846", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-14T13:16:26Z", "details": "moderate" } ], "title": "CVE-2019-5846" }, { "cve": "CVE-2020-6377", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-6377" } ], "notes": [ { "category": "general", "text": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-6377", "url": "https://www.suse.com/security/cve/CVE-2020-6377" }, { "category": "external", "summary": "SUSE Bug 1160337 for CVE-2020-6377", "url": "https://bugzilla.suse.com/1160337" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.53.3.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.12.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.12.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.12.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-14T13:16:26Z", "details": "important" } ], "title": "CVE-2020-6377" } ] }
opensuse-su-2020:0009-1
Vulnerability from csaf_opensuse
Published
2020-01-12 05:15
Modified
2020-01-12 05:15
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium version 79.0.3945.117 fixes the following issues:
- CVE-2020-6377: Fixed a use-after-free in audio
- Various fixes from internal audits, fuzzing and other initiatives
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-9
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for chromium", "title": "Title of the patch" }, { "category": "description", "text": "This update for chromium version 79.0.3945.117 fixes the following issues:\n\n- CVE-2020-6377: Fixed a use-after-free in audio\n- Various fixes from internal audits, fuzzing and other initiatives\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-9", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0009-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0009-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BVQCSGAQO7JEY65Y2E4QZDPAWMXO5ZVH/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0009-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BVQCSGAQO7JEY65Y2E4QZDPAWMXO5ZVH/" }, { "category": "self", "summary": "SUSE Bug 1160337", "url": "https://bugzilla.suse.com/1160337" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5844 page", "url": "https://www.suse.com/security/cve/CVE-2019-5844/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5845 page", "url": "https://www.suse.com/security/cve/CVE-2019-5845/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-5846 page", "url": "https://www.suse.com/security/cve/CVE-2019-5846/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-6377 page", "url": "https://www.suse.com/security/cve/CVE-2020-6377/" } ], "title": "Security update for chromium", "tracking": { "current_release_date": "2020-01-12T05:15:32Z", "generator": { "date": "2020-01-12T05:15:32Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0009-1", "initial_release_date": "2020-01-12T05:15:32Z", "revision_history": [ { "date": "2020-01-12T05:15:32Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "product_id": "chromedriver-79.0.3945.117-bp151.3.47.1.aarch64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.47.1.aarch64", "product": { "name": "chromium-79.0.3945.117-bp151.3.47.1.aarch64", "product_id": "chromium-79.0.3945.117-bp151.3.47.1.aarch64" } }, { "category": "product_version", "name": "libre2-0-20200101-bp151.6.6.1.aarch64", "product": { "name": "libre2-0-20200101-bp151.6.6.1.aarch64", "product_id": "libre2-0-20200101-bp151.6.6.1.aarch64" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.6.1.aarch64", "product": { "name": "re2-devel-20200101-bp151.6.6.1.aarch64", "product_id": "re2-devel-20200101-bp151.6.6.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "product": { "name": "libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "product_id": "libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libre2-0-20200101-bp151.6.6.1.ppc64le", "product": { "name": "libre2-0-20200101-bp151.6.6.1.ppc64le", "product_id": "libre2-0-20200101-bp151.6.6.1.ppc64le" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.6.1.ppc64le", "product": { "name": "re2-devel-20200101-bp151.6.6.1.ppc64le", "product_id": "re2-devel-20200101-bp151.6.6.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libre2-0-20200101-bp151.6.6.1.s390x", "product": { "name": "libre2-0-20200101-bp151.6.6.1.s390x", "product_id": "libre2-0-20200101-bp151.6.6.1.s390x" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.6.1.s390x", "product": { "name": "re2-devel-20200101-bp151.6.6.1.s390x", "product_id": "re2-devel-20200101-bp151.6.6.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "product": { "name": "chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "product_id": "chromedriver-79.0.3945.117-bp151.3.47.1.x86_64" } }, { "category": "product_version", "name": "chromium-79.0.3945.117-bp151.3.47.1.x86_64", "product": { "name": "chromium-79.0.3945.117-bp151.3.47.1.x86_64", "product_id": "chromium-79.0.3945.117-bp151.3.47.1.x86_64" } }, { "category": "product_version", "name": "libre2-0-20200101-bp151.6.6.1.x86_64", "product": { "name": "libre2-0-20200101-bp151.6.6.1.x86_64", "product_id": "libre2-0-20200101-bp151.6.6.1.x86_64" } }, { "category": "product_version", "name": "re2-devel-20200101-bp151.6.6.1.x86_64", "product": { "name": "re2-devel-20200101-bp151.6.6.1.x86_64", "product_id": "re2-devel-20200101-bp151.6.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 15 SP1", "product": { "name": "SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1" } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.47.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromedriver-79.0.3945.117-bp151.3.47.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64" }, "product_reference": "chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.47.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.47.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-79.0.3945.117-bp151.3.47.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64" }, "product_reference": "chromium-79.0.3945.117-bp151.3.47.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.6.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64" }, "product_reference": "libre2-0-20200101-bp151.6.6.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.6.1.ppc64le as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le" }, "product_reference": "libre2-0-20200101-bp151.6.6.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.6.1.s390x as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x" }, "product_reference": "libre2-0-20200101-bp151.6.6.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-20200101-bp151.6.6.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64" }, "product_reference": "libre2-0-20200101-bp151.6.6.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32" }, "product_reference": "libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.6.1.aarch64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64" }, "product_reference": "re2-devel-20200101-bp151.6.6.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.6.1.ppc64le as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le" }, "product_reference": "re2-devel-20200101-bp151.6.6.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.6.1.s390x as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x" }, "product_reference": "re2-devel-20200101-bp151.6.6.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "re2-devel-20200101-bp151.6.6.1.x86_64 as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" }, "product_reference": "re2-devel-20200101-bp151.6.6.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-5844", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5844" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5844", "url": "https://www.suse.com/security/cve/CVE-2019-5844" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5844", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-12T05:15:32Z", "details": "moderate" } ], "title": "CVE-2019-5844" }, { "cve": "CVE-2019-5845", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5845" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5845", "url": "https://www.suse.com/security/cve/CVE-2019-5845" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5845", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-12T05:15:32Z", "details": "moderate" } ], "title": "CVE-2019-5845" }, { "cve": "CVE-2019-5846", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-5846" } ], "notes": [ { "category": "general", "text": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-5846", "url": "https://www.suse.com/security/cve/CVE-2019-5846" }, { "category": "external", "summary": "SUSE Bug 1129059 for CVE-2019-5846", "url": "https://bugzilla.suse.com/1129059" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-12T05:15:32Z", "details": "moderate" } ], "title": "CVE-2019-5846" }, { "cve": "CVE-2020-6377", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-6377" } ], "notes": [ { "category": "general", "text": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-6377", "url": "https://www.suse.com/security/cve/CVE-2020-6377" }, { "category": "external", "summary": "SUSE Bug 1160337 for CVE-2020-6377", "url": "https://bugzilla.suse.com/1160337" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromedriver-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.aarch64", "SUSE Package Hub 15 SP1:chromium-79.0.3945.117-bp151.3.47.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:libre2-0-20200101-bp151.6.6.1.x86_64", "SUSE Package Hub 15 SP1:libre2-0-64bit-20200101-bp151.6.6.1.aarch64_ilp32", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.aarch64", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.ppc64le", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.s390x", "SUSE Package Hub 15 SP1:re2-devel-20200101-bp151.6.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-01-12T05:15:32Z", "details": "important" } ], "title": "CVE-2020-6377" } ] }
fkie_cve-2019-5845
Vulnerability from fkie_nvd
Published
2020-01-03 23:15
Modified
2024-11-21 04:45
Severity ?
Summary
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
▶ | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html | ||
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html | ||
chrome-cve-admin@google.com | https://crbug.com/915197 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/915197 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6", "versionEndExcluding": "73.0.3683.75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." }, { "lang": "es", "value": "Un acceso fuera de l\u00edmites en SwiftShader en Google Chrome versiones anteriores a la versi\u00f3n 73.0.3683.75, permiti\u00f3 a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML especialmente dise\u00f1ada." } ], "id": "CVE-2019-5845", "lastModified": "2024-11-21T04:45:37.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-03T23:15:12.523", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://crbug.com/915197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/915197" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-7872-4j89-whg8
Vulnerability from github
Published
2022-05-24 17:05
Modified
2022-10-08 00:00
Severity ?
VLAI Severity ?
Details
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2019-5845" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-01-03T23:15:00Z", "severity": "MODERATE" }, "details": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GHSA-7872-4j89-whg8", "modified": "2022-10-08T00:00:28Z", "published": "2022-05-24T17:05:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5845" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "type": "WEB", "url": "https://crbug.com/915197" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
gsd-2019-5845
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-5845", "description": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2019-5845", "references": [ "https://www.suse.com/security/cve/CVE-2019-5845.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-5845" ], "details": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2019-5845", "modified": "2023-12-13T01:23:55.150771Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "73.0.3683.75" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds memory access" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "name": "https://crbug.com/915197", "refsource": "MISC", "url": "https://crbug.com/915197" }, { "name": "openSUSE-SU-2020:0004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "name": "openSUSE-SU-2020:0006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "name": "openSUSE-SU-2020:0009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "name": "openSUSE-SU-2020:0053", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "73.0.3683.75", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5845" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" }, { "name": "https://crbug.com/915197", "refsource": "MISC", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/915197" }, { "name": "openSUSE-SU-2020:0004", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" }, { "name": "openSUSE-SU-2020:0006", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" }, { "name": "openSUSE-SU-2020:0009", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" }, { "name": "openSUSE-SU-2020:0053", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2022-10-07T18:56Z", "publishedDate": "2020-01-03T23:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…