openSUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0704-1 Rating: important References: #1084296 Cross-References: CVE-2017-11215 CVE-2017-11225 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: This update for Chromium to version 65.0.3325.162 fixes the following issues: - CVE-2017-11215: Use after free in Flash - CVE-2017-11225: Use after free in Flash - CVE-2018-6060: Use after free in Blink - CVE-2018-6061: Race condition in V8 - CVE-2018-6062: Heap buffer overflow in Skia - CVE-2018-6057: Incorrect permissions on shared memory - CVE-2018-6063: Incorrect permissions on shared memory - CVE-2018-6064: Type confusion in V8 - CVE-2018-6065: Integer overflow in V8 - CVE-2018-6066: Same Origin Bypass via canvas - CVE-2018-6067: Buffer overflow in Skia - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab - CVE-2018-6069: Stack buffer overflow in Skia - CVE-2018-6070: CSP bypass through extensions - CVE-2018-6071: Heap bufffer overflow in Skia - CVE-2018-6072: Integer overflow in PDFium - CVE-2018-6073: Heap bufffer overflow in WebGL - CVE-2018-6074: Mark-of-the-Web bypass - CVE-2018-6075: Overly permissive cross origin downloads - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink - CVE-2018-6077: Timing attack using SVG filters - CVE-2018-6078: URL Spoof in OmniBox - CVE-2018-6079: Information disclosure via texture data in WebGL - CVE-2018-6080: Information disclosure in IPC call - CVE-2018-6081: XSS in interstitials - CVE-2018-6082: Circumvention of port blocking - CVE-2018-6083: Incorrect processing of AppManifests Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-264=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (x86_64): chromedriver-65.0.3325.162-146.1 chromedriver-debuginfo-65.0.3325.162-146.1 chromium-65.0.3325.162-146.1 chromium-debuginfo-65.0.3325.162-146.1 chromium-debugsource-65.0.3325.162-146.1 References: https://www.suse.com/security/cve/CVE-2017-11215.html https://www.suse.com/security/cve/CVE-2017-11225.html https://www.suse.com/security/cve/CVE-2018-6057.html https://www.suse.com/security/cve/CVE-2018-6060.html https://www.suse.com/security/cve/CVE-2018-6061.html https://www.suse.com/security/cve/CVE-2018-6062.html https://www.suse.com/security/cve/CVE-2018-6063.html https://www.suse.com/security/cve/CVE-2018-6064.html https://www.suse.com/security/cve/CVE-2018-6065.html https://www.suse.com/security/cve/CVE-2018-6066.html https://www.suse.com/security/cve/CVE-2018-6067.html https://www.suse.com/security/cve/CVE-2018-6068.html https://www.suse.com/security/cve/CVE-2018-6069.html https://www.suse.com/security/cve/CVE-2018-6070.html https://www.suse.com/security/cve/CVE-2018-6071.html https://www.suse.com/security/cve/CVE-2018-6072.html https://www.suse.com/security/cve/CVE-2018-6073.html https://www.suse.com/security/cve/CVE-2018-6074.html https://www.suse.com/security/cve/CVE-2018-6075.html https://www.suse.com/security/cve/CVE-2018-6076.html https://www.suse.com/security/cve/CVE-2018-6077.html https://www.suse.com/security/cve/CVE-2018-6078.html https://www.suse.com/security/cve/CVE-2018-6079.html https://www.suse.com/security/cve/CVE-2018-6080.html https://www.suse.com/security/cve/CVE-2018-6081.html https://www.suse.com/security/cve/CVE-2018-6082.html https://www.suse.com/security/cve/CVE-2018-6083.html https://bugzilla.suse.com/1084296 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org