{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"86.0.4240.183-bp152.2.26.1","chromium":"86.0.4240.183-bp152.2.26.1","gn":"0.1807-bp152.2.3.4"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"86.0.4240.183-bp152.2.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"86.0.4240.183-bp152.2.26.1","chromium":"86.0.4240.183-bp152.2.26.1","gn":"0.1807-bp152.2.3.4"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"gn","purl":"pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.1807-bp152.2.3.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium, gn fixes the following issues:\n\nchromium was updated to 86.0.4240.183 boo#1178375\n\n- CVE-2020-16004: Use after free in user interface.\n- CVE-2020-16005: Insufficient policy enforcement in ANGLE.\n- CVE-2020-16006: Inappropriate implementation in V8\n- CVE-2020-16007: Insufficient data validation in installer.\n- CVE-2020-16008: Stack buffer overflow in WebRTC.\n- CVE-2020-16009: Inappropriate implementation in V8.\n- CVE-2020-16011: Heap buffer overflow in UI on Windows.\n\nUpdate to 86.0.4240.111 boo#1177936\n\n- CVE-2020-16000: Inappropriate implementation in Blink.\n- CVE-2020-16001: Use after free in media.\n- CVE-2020-16002: Use after free in PDFium.\n- CVE-2020-15999: Heap buffer overflow in Freetype.\n- CVE-2020-16003: Use after free in printing.\n\n- chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and 15.2\n\n- Remove vdpau->vaapi bridge as it breaks a lot:\n  (fixes welcome by someone else than me)\n\n- Fix cookiemonster:\n\nUpdate to 86.0.4240.75 boo#1177408:\n\n* CVE-2020-15967: Use after free in payments.\n* CVE-2020-15968: Use after free in Blink.\n* CVE-2020-15969: Use after free in WebRTC. \n* CVE-2020-15970: Use after free in NFC.\n* CVE-2020-15971: Use after free in printing. \n* CVE-2020-15972: Use after free in audio. \n* CVE-2020-15990: Use after free in autofill. \n* CVE-2020-15991: Use after free in password manager.\n* CVE-2020-15973: Insufficient policy enforcement in extensions.\n* CVE-2020-15974: Integer overflow in Blink. \n* CVE-2020-15975: Integer overflow in SwiftShader. \n* CVE-2020-15976: Use after free in WebXR. \n* CVE-2020-6557: Inappropriate implementation in networking. \n* CVE-2020-15977: Insufficient data validation in dialogs.\n* CVE-2020-15978: Insufficient data validation in navigation.\n* CVE-2020-15979: Inappropriate implementation in V8.\n* CVE-2020-15980: Insufficient policy enforcement in Intents.\n* CVE-2020-15981: Out of bounds read in audio. \n* CVE-2020-15982: Side-channel information leakage in cache. \n* CVE-2020-15983: Insufficient data validation in webUI.\n* CVE-2020-15984: Insufficient policy enforcement in Omnibox. \n* CVE-2020-15985: Inappropriate implementation in Blink. \n* CVE-2020-15986: Integer overflow in media. \n* CVE-2020-15987: Use after free in WebRTC. \n* CVE-2020-15992: Insufficient policy enforcement in networking. \n* CVE-2020-15988: Insufficient policy enforcement in downloads.\n* CVE-2020-15989: Uninitialized Use in PDFium.\n\n- Update to 0.1807:\n\n  * no upstream changelog\n","id":"openSUSE-SU-2020:1829-1","modified":"2020-11-05T08:42:50Z","published":"2020-11-05T08:42:50Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3H3IAURHPZWH2LAQL44ANHYEB6AFWZGW/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177408"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177936"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178375"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15967"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15968"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15969"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15970"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15972"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15975"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15976"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15978"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15979"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15980"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15981"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15982"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15984"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15985"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15986"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15987"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15988"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15990"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15991"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15992"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16001"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16002"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16003"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16004"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16007"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6557"}],"related":["CVE-2020-15967","CVE-2020-15968","CVE-2020-15969","CVE-2020-15970","CVE-2020-15971","CVE-2020-15972","CVE-2020-15973","CVE-2020-15974","CVE-2020-15975","CVE-2020-15976","CVE-2020-15977","CVE-2020-15978","CVE-2020-15979","CVE-2020-15980","CVE-2020-15981","CVE-2020-15982","CVE-2020-15983","CVE-2020-15984","CVE-2020-15985","CVE-2020-15986","CVE-2020-15987","CVE-2020-15988","CVE-2020-15989","CVE-2020-15990","CVE-2020-15991","CVE-2020-15992","CVE-2020-15999","CVE-2020-16000","CVE-2020-16001","CVE-2020-16002","CVE-2020-16003","CVE-2020-16004","CVE-2020-16005","CVE-2020-16006","CVE-2020-16007","CVE-2020-16008","CVE-2020-16009","CVE-2020-16011","CVE-2020-6557"],"summary":"Security update for chromium, gn","upstream":["CVE-2020-15967","CVE-2020-15968","CVE-2020-15969","CVE-2020-15970","CVE-2020-15971","CVE-2020-15972","CVE-2020-15973","CVE-2020-15974","CVE-2020-15975","CVE-2020-15976","CVE-2020-15977","CVE-2020-15978","CVE-2020-15979","CVE-2020-15980","CVE-2020-15981","CVE-2020-15982","CVE-2020-15983","CVE-2020-15984","CVE-2020-15985","CVE-2020-15986","CVE-2020-15987","CVE-2020-15988","CVE-2020-15989","CVE-2020-15990","CVE-2020-15991","CVE-2020-15992","CVE-2020-15999","CVE-2020-16000","CVE-2020-16001","CVE-2020-16002","CVE-2020-16003","CVE-2020-16004","CVE-2020-16005","CVE-2020-16006","CVE-2020-16007","CVE-2020-16008","CVE-2020-16009","CVE-2020-16011","CVE-2020-6557"]}