[security-announce] openSUSE-SU-2017:1993-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2017:1993-1

Rating: important

References: #1050537

Cross-References: CVE-2017-5091 CVE-2017-5092 CVE-2017-5093
CVE-2017-5094 CVE-2017-5095 CVE-2017-5096
CVE-2017-5097 CVE-2017-5098 CVE-2017-5099
CVE-2017-5100 CVE-2017-5101 CVE-2017-5102
CVE-2017-5103 CVE-2017-5104 CVE-2017-5105
CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
CVE-2017-5109 CVE-2017-5110 CVE-2017-7000

 

Affected Products:

openSUSE Leap 42.3

openSUSE Leap 42.2

______________________________________________________________________________

 

An update that fixes 21 vulnerabilities is now available.

 

Description:

 

This update to Chromium version 60.0.3112.78 fixes security issues and bugs.

 

The following security issues were fixed:

 

* CVE-2017-5091: Use after free in IndexedDB

* CVE-2017-5092: Use after free in PPAPI

* CVE-2017-5093: UI spoofing in Blink

* CVE-2017-5094: Type confusion in extensions

* CVE-2017-5095: Out-of-bounds write in PDFium

* CVE-2017-5096: User information leak via Android intents

* CVE-2017-5097: Out-of-bounds read in Skia

* CVE-2017-5098: Use after free in V8

* CVE-2017-5099: Out-of-bounds write in PPAPI

* CVE-2017-5100: Use after free in Chrome Apps

* CVE-2017-5101: URL spoofing in OmniBox

* CVE-2017-5102: Uninitialized use in Skia

* CVE-2017-5103: Uninitialized use in Skia

* CVE-2017-5104: UI spoofing in browser

* CVE-2017-7000: Pointer disclosure in SQLite

* CVE-2017-5105: URL spoofing in OmniBox

* CVE-2017-5106: URL spoofing in OmniBox

* CVE-2017-5107: User information leak via SVG

* CVE-2017-5108: Type confusion in PDFium

* CVE-2017-5109: UI spoofing in browser

* CVE-2017-5110: UI spoofing in payments dialog

* Various fixes from internal audits, fuzzing and other initiatives

 

A number of upstream bugfixes are also included in this release.

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.3:

 

zypper in -t patch openSUSE-2017-854=1

 

- openSUSE Leap 42.2:

 

zypper in -t patch openSUSE-2017-854=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.3 (x86_64):

 

chromedriver-60.0.3112.78-107.1

chromedriver-debuginfo-60.0.3112.78-107.1

chromium-60.0.3112.78-107.1

chromium-debuginfo-60.0.3112.78-107.1

chromium-debugsource-60.0.3112.78-107.1

 

- openSUSE Leap 42.2 (x86_64):

 

chromedriver-60.0.3112.78-104.21.1

chromedriver-debuginfo-60.0.3112.78-104.21.1

chromium-60.0.3112.78-104.21.1

chromium-debuginfo-60.0.3112.78-104.21.1

chromium-debugsource-60.0.3112.78-104.21.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2017-5091.html

https://www.suse.com/security/cve/CVE-2017-5092.html

https://www.suse.com/security/cve/CVE-2017-5093.html

https://www.suse.com/security/cve/CVE-2017-5094.html

https://www.suse.com/security/cve/CVE-2017-5095.html

https://www.suse.com/security/cve/CVE-2017-5096.html

https://www.suse.com/security/cve/CVE-2017-5097.html

https://www.suse.com/security/cve/CVE-2017-5098.html

https://www.suse.com/security/cve/CVE-2017-5099.html

https://www.suse.com/security/cve/CVE-2017-5100.html

https://www.suse.com/security/cve/CVE-2017-5101.html

https://www.suse.com/security/cve/CVE-2017-5102.html

https://www.suse.com/security/cve/CVE-2017-5103.html

https://www.suse.com/security/cve/CVE-2017-5104.html

https://www.suse.com/security/cve/CVE-2017-5105.html

https://www.suse.com/security/cve/CVE-2017-5106.html

https://www.suse.com/security/cve/CVE-2017-5107.html

https://www.suse.com/security/cve/CVE-2017-5108.html

https://www.suse.com/security/cve/CVE-2017-5109.html

https://www.suse.com/security/cve/CVE-2017-5110.html

https://www.suse.com/security/cve/CVE-2017-7000.html

https://bugzilla.suse.com/1050537

 
