openSUSE Security Update : chromium (openSUSE-2019-2692)

high Nessus Plugin ID 132087

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for chromium fixes the following issues :

Chromium was updated to 79.0.3945.79 (boo#1158982)	

- CVE-2019-13725: Fixed a use after free in Bluetooth

- CVE-2019-13726: Fixed a heap buffer overflow in password manager

- CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets

- CVE-2019-13728: Fixed an out of bounds write in V8

- CVE-2019-13729: Fixed a use after free in WebSockets

- CVE-2019-13730: Fixed a type Confusion in V8

- CVE-2019-13732: Fixed a use after free in WebAudio

- CVE-2019-13734: Fixed an out of bounds write in SQLite

- CVE-2019-13735: Fixed an out of bounds write in V8

- CVE-2019-13764: Fixed a type Confusion in V8

- CVE-2019-13736: Fixed an integer overflow in PDFium

- CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete

- CVE-2019-13738: Fixed an insufficient policy enforcement in navigation

- CVE-2019-13739: Fixed an incorrect security UI in Omnibox

- CVE-2019-13740: Fixed an incorrect security UI in sharing

- CVE-2019-13741: Fixed an insufficient validation of untrusted input in Blink

- CVE-2019-13742: Fixed an incorrect security UI in Omnibox

- CVE-2019-13743: Fixed an incorrect security UI in external protocol handling

- CVE-2019-13744: Fixed an insufficient policy enforcement in cookies

- CVE-2019-13745: Fixed an insufficient policy enforcement in audio

- CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox

- CVE-2019-13747: Fixed an uninitialized Use in rendering

- CVE-2019-13748: Fixed an insufficient policy enforcement in developer tools

- CVE-2019-13749: Fixed an incorrect security UI in Omnibox

- CVE-2019-13750: Fixed an insufficient data validation in SQLite

- CVE-2019-13751: Fixed an uninitialized Use in SQLite

- CVE-2019-13752: Fixed an out of bounds read in SQLite

- CVE-2019-13753: Fixed an out of bounds read in SQLite

- CVE-2019-13754: Fixed an insufficient policy enforcement in extensions

- CVE-2019-13755: Fixed an insufficient policy enforcement in extensions

- CVE-2019-13756: Fixed an incorrect security UI in printing

- CVE-2019-13757: Fixed an incorrect security UI in Omnibox

- CVE-2019-13758: Fixed an insufficient policy enforcement in navigation

- CVE-2019-13759: Fixed an incorrect security UI in interstitials

- CVE-2019-13761: Fixed an incorrect security UI in Omnibox

- CVE-2019-13762: Fixed an insufficient policy enforcement in downloads

- CVE-2019-13763: Fixed an insufficient policy enforcement in payments

Solution

Update the affected chromium packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1158982

Plugin Details

Severity: High

ID: 132087

File Name: openSUSE-2019-2692.nasl

Version: 1.3

Type: local

Agent: unix

Published: 12/17/2019

Updated: 5/29/2020

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2019

Vulnerability Publication Date: 12/10/2019

Reference Information

CVE: CVE-2019-13725, CVE-2019-13726, CVE-2019-13727, CVE-2019-13728, CVE-2019-13729, CVE-2019-13730, CVE-2019-13732, CVE-2019-13734, CVE-2019-13735, CVE-2019-13736, CVE-2019-13737, CVE-2019-13738, CVE-2019-13739, CVE-2019-13740, CVE-2019-13741, CVE-2019-13742, CVE-2019-13743, CVE-2019-13744, CVE-2019-13745, CVE-2019-13746, CVE-2019-13747, CVE-2019-13748, CVE-2019-13749, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-13754, CVE-2019-13755, CVE-2019-13756, CVE-2019-13757, CVE-2019-13758, CVE-2019-13759, CVE-2019-13761, CVE-2019-13762, CVE-2019-13763, CVE-2019-13764