Critical vulnerabilities affecting OpenSUSE, formerly SUSE Linux, disclosed

Even with the marked decrease in industrial, government and academic activities due to the global coronavirus outbreak, reports of vulnerabilities in technology products have continued to appear. This time, vulnerability assessment firms have revealed multiple security flaws affecting OpenSUSE, a Linux distro formerly known as SUSE Linux.

In total, nine vulnerabilities that could be exploited by remote threat actors to perform various malicious activities were reported. Below is a review of the most dangerous flaws reported, along with their respective Common Vulnerability Scoring System (CVSS) keys.

CVE-2020-6422: This vulnerability exists due to a WebGL use-after-free error in Google Chrome. A remote threat actor could create a malicious website to execute arbitrary code on the affected user’s system. This flaw is considered critical, so it is recommended that administrators of affected deployments update immediately, as mentioned by the vulnerability assessment specialists.

CVE-2019-20503: This vulnerability exists due to a boundary condition in sctp_load_addresses_from_init of usrsctp. A remote hacker can exploit the flaw by passing specially crafted data to the application to trigger an out-of-bounds read, accessing the contents of the affected system’s memory.

This flaw is considered medium severity, and patches to fix it are now available on developer platforms.

CVE-2020-6424: This vulnerability allows remote hackers to exploit a use-after-free error in a media component of Google Chrome to execute arbitrary code on the target system using a vulnerable website. Vulnerability assessment experts mention that this is also a critical flaw, so administrators should install the corresponding updates as soon as possible.

CVE-2020-6425: This flaw exists due to insufficient policy enforcement on some Google Chrome extensions. If exploited, a threat actor could trick a victim into installing a specially crafted extension, leading to arbitrary code execution.

CVE-2020-6426: This flaw exists due to an incorrect implementation in the V8 engine of the Google Chrome browser. Remote hackers can create specially crafted web pages to execute arbitrary code on affected systems.

The International Institute of Cyber Security (IICS) recommends checking the official platforms of the developers of this distribution to download the corresponding updates and find more details about these flaws.