openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1994-1
Rating:             important
References:         #1050537
Cross-References:   CVE-2017-5091 CVE-2017-5092 CVE-2017-5093
                    CVE-2017-5094 CVE-2017-5095 CVE-2017-5096
                    CVE-2017-5097 CVE-2017-5098 CVE-2017-5099
                    CVE-2017-5100 CVE-2017-5101 CVE-2017-5102
                    CVE-2017-5103 CVE-2017-5104 CVE-2017-5105
                    CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
                    CVE-2017-5109 CVE-2017-5110 CVE-2017-7000
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

This update of Chromium to version 60.0.3112.78 fixes security issues and bugs.

The following security issues were fixed:

* CVE-2017-5091: Use after free in IndexedDB
* CVE-2017-5092: Use after free in PPAPI
* CVE-2017-5093: UI spoofing in Blink
* CVE-2017-5094: Type confusion in extensions
* CVE-2017-5095: Out-of-bounds write in PDFium
* CVE-2017-5096: User information leak via Android intents
* CVE-2017-5097: Out-of-bounds read in Skia
* CVE-2017-5098: Use after free in V8
* CVE-2017-5099: Out-of-bounds write in PPAPI
* CVE-2017-5100: Use after free in Chrome Apps
* CVE-2017-5101: URL spoofing in OmniBox
* CVE-2017-5102: Uninitialized use in Skia
* CVE-2017-5103: Uninitialized use in Skia
* CVE-2017-5104: UI spoofing in browser
* CVE-2017-7000: Pointer disclosure in SQLite
* CVE-2017-5105: URL spoofing in OmniBox
* CVE-2017-5106: URL spoofing in OmniBox
* CVE-2017-5107: User information leak via SVG
* CVE-2017-5108: Type confusion in PDFium
* CVE-2017-5109: UI spoofing in browser
* CVE-2017-5110: UI spoofing in payments dialog
* Various fixes from internal audits, fuzzing and other initiatives

A number of upstream bugfixes are also included in this release.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2017-854=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

    chromedriver-60.0.3112.78-26.1
    chromedriver-debuginfo-60.0.3112.78-26.1
    chromium-60.0.3112.78-26.1
    chromium-debuginfo-60.0.3112.78-26.1
    chromium-debugsource-60.0.3112.78-26.1

References:

    https://www.suse.com/security/cve/CVE-2017-5091.html
    https://www.suse.com/security/cve/CVE-2017-5092.html
    https://www.suse.com/security/cve/CVE-2017-5093.html
    https://www.suse.com/security/cve/CVE-2017-5094.html
    https://www.suse.com/security/cve/CVE-2017-5095.html
    https://www.suse.com/security/cve/CVE-2017-5096.html
    https://www.suse.com/security/cve/CVE-2017-5097.html
    https://www.suse.com/security/cve/CVE-2017-5098.html
    https://www.suse.com/security/cve/CVE-2017-5099.html
    https://www.suse.com/security/cve/CVE-2017-5100.html
    https://www.suse.com/security/cve/CVE-2017-5101.html
    https://www.suse.com/security/cve/CVE-2017-5102.html
    https://www.suse.com/security/cve/CVE-2017-5103.html
    https://www.suse.com/security/cve/CVE-2017-5104.html
    https://www.suse.com/security/cve/CVE-2017-5105.html
    https://www.suse.com/security/cve/CVE-2017-5106.html
    https://www.suse.com/security/cve/CVE-2017-5107.html
    https://www.suse.com/security/cve/CVE-2017-5108.html
    https://www.suse.com/security/cve/CVE-2017-5109.html
    https://www.suse.com/security/cve/CVE-2017-5110.html
    https://www.suse.com/security/cve/CVE-2017-7000.html
    https://bugzilla.suse.com/1050537