openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0518-1
Rating:             moderate
References:         #965566 #965738 #965999 #966082
Cross-References:   CVE-2016-1622 CVE-2016-1623 CVE-2016-1624
                    CVE-2016-1625 CVE-2016-1626 CVE-2016-1627
Affected Products:  openSUSE 13.1
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update to Chromium 48.0.2564.109 fixes the following issues:

Security fixes (boo#965999):

- CVE-2016-1622: Same-origin bypass in Extensions
- CVE-2016-1623: Same-origin bypass in DOM
- CVE-2016-1624: Buffer overflow in Brotli
- CVE-2016-1625: Navigation bypass in Chrome Instant
- CVE-2016-1626: Out-of-bounds read in PDFium
- CVE-2016-1627: Various fixes from internal audits, fuzzing and other
  initiatives

Non-security bug fixes:

- boo#965738: resolve issues with specific banking websites when built
  against system libraries
- boo#966082: chromium: sandbox related stacktrace printed
- boo#965566: Drop libva support
- Prevent graphical issues related to libjpeg
- On KDE 5 kwallet5 is the default password store now

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

  zypper in -t patch 2016-238=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):

  chromedriver-48.0.2564.109-125.1
  chromedriver-debuginfo-48.0.2564.109-125.1
  chromium-48.0.2564.109-125.1
  chromium-debuginfo-48.0.2564.109-125.1
  chromium-debugsource-48.0.2564.109-125.1
  chromium-desktop-gnome-48.0.2564.109-125.1
  chromium-desktop-kde-48.0.2564.109-125.1
  chromium-ffmpegsumo-48.0.2564.109-125.1
  chromium-ffmpegsumo-debuginfo-48.0.2564.109-125.1

References:

  https://www.suse.com/security/cve/CVE-2016-1622.html
  https://www.suse.com/security/cve/CVE-2016-1623.html
  https://www.suse.com/security/cve/CVE-2016-1624.html
  https://www.suse.com/security/cve/CVE-2016-1625.html
  https://www.suse.com/security/cve/CVE-2016-1626.html
  https://www.suse.com/security/cve/CVE-2016-1627.html
  https://bugzilla.suse.com/965566
  https://bugzilla.suse.com/965738
  https://bugzilla.suse.com/965999
  https://bugzilla.suse.com/966082