openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:3244-1 Rating: important References: #1071691 Cross-References: CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update to Chromium 63.0.3239.84 fixes the following security issues: - CVE-2017-15408: Heap buffer overflow in PDFium - CVE-2017-15409: Out of bounds write in Skia - CVE-2017-15410: Use after free in PDFium - CVE-2017-15411: Use after free in PDFium - CVE-2017-15412: Use after free in libXML - CVE-2017-15413: Type confusion in WebAssembly - CVE-2017-15415: Pointer information disclosure in IPC call - CVE-2017-15416: Out of bounds read in Blink - CVE-2017-15417: Cross origin information disclosure in Skia - CVE-2017-15418: Use of uninitialized value in Skia - CVE-2017-15419: Cross origin leak of redirect URL in Blink - CVE-2017-15420: URL spoofing in Omnibox - CVE-2017-15422: Integer overflow in ICU - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL - CVE-2017-15424: URL Spoof in Omnibox - CVE-2017-15425: URL Spoof in Omnibox - CVE-2017-15426: URL Spoof in Omnibox - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1349=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1349=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): chromedriver-63.0.3239.84-127.1 chromedriver-debuginfo-63.0.3239.84-127.1 chromium-63.0.3239.84-127.1 chromium-debuginfo-63.0.3239.84-127.1 chromium-debugsource-63.0.3239.84-127.1 - openSUSE Leap 42.2 (x86_64): chromedriver-63.0.3239.84-104.41.1 chromedriver-debuginfo-63.0.3239.84-104.41.1 chromium-63.0.3239.84-104.41.1 chromium-debuginfo-63.0.3239.84-104.41.1 chromium-debugsource-63.0.3239.84-104.41.1 References: https://www.suse.com/security/cve/CVE-2017-15408.html https://www.suse.com/security/cve/CVE-2017-15409.html https://www.suse.com/security/cve/CVE-2017-15410.html https://www.suse.com/security/cve/CVE-2017-15411.html https://www.suse.com/security/cve/CVE-2017-15412.html https://www.suse.com/security/cve/CVE-2017-15413.html https://www.suse.com/security/cve/CVE-2017-15415.html https://www.suse.com/security/cve/CVE-2017-15416.html https://www.suse.com/security/cve/CVE-2017-15417.html https://www.suse.com/security/cve/CVE-2017-15418.html https://www.suse.com/security/cve/CVE-2017-15419.html https://www.suse.com/security/cve/CVE-2017-15420.html https://www.suse.com/security/cve/CVE-2017-15422.html https://www.suse.com/security/cve/CVE-2017-15423.html https://www.suse.com/security/cve/CVE-2017-15424.html https://www.suse.com/security/cve/CVE-2017-15425.html https://www.suse.com/security/cve/CVE-2017-15426.html https://www.suse.com/security/cve/CVE-2017-15427.html https://bugzilla.suse.com/1071691 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org