openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1489-1 Rating: important References: #982719 Cross-References: CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Chromium was updated to 51.0.2704.79 to fix a number of security issues. [boo#982719] - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch 5171=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (x86_64): chromedriver-51.0.2704.79-54.1 chromedriver-debuginfo-51.0.2704.79-54.1 chromium-51.0.2704.79-54.1 chromium-debuginfo-51.0.2704.79-54.1 chromium-debugsource-51.0.2704.79-54.1 chromium-desktop-gnome-51.0.2704.79-54.1 chromium-desktop-kde-51.0.2704.79-54.1 chromium-ffmpegsumo-51.0.2704.79-54.1 chromium-ffmpegsumo-debuginfo-51.0.2704.79-54.1 References: https://www.suse.com/security/cve/CVE-2016-1696.html https://www.suse.com/security/cve/CVE-2016-1697.html https://www.suse.com/security/cve/CVE-2016-1698.html https://www.suse.com/security/cve/CVE-2016-1699.html https://www.suse.com/security/cve/CVE-2016-1700.html https://www.suse.com/security/cve/CVE-2016-1701.html https://www.suse.com/security/cve/CVE-2016-1702.html https://www.suse.com/security/cve/CVE-2016-1703.html https://bugzilla.suse.com/982719 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org