openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2016:0518-1
Rating:             moderate
References:         #965566 #965738 #965999 #966082
Cross-References:   CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627
Affected Products:  openSUSE 13.1
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update to Chromium 48.0.2564.109 fixes the following issues:
Security fixes (boo#965999):
- CVE-2016-1622: Same-origin bypass in Extensions
- CVE-2016-1623: Same-origin bypass in DOM
- CVE-2016-1624: Buffer overflow in Brotli
- CVE-2016-1625: Navigation bypass in Chrome Instant
- CVE-2016-1626: Out-of-bounds read in PDFium
- CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives
Non-security bug fixes:
- boo#965738: resolve issues with specific banking websites when built against system libraries
- boo#966082: chromium: sandbox related stacktrace printed
- boo#965566: Drop libva support
- Prevent graphical issues related to libjpeg
- On KDE 5 kwallet5 is the default password store now
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch 2016-238=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
    chromedriver-48.0.2564.109-125.1
    chromedriver-debuginfo-48.0.2564.109-125.1
    chromium-48.0.2564.109-125.1
    chromium-debuginfo-48.0.2564.109-125.1
    chromium-debugsource-48.0.2564.109-125.1
    chromium-desktop-gnome-48.0.2564.109-125.1
    chromium-desktop-kde-48.0.2564.109-125.1
    chromium-ffmpegsumo-48.0.2564.109-125.1
    chromium-ffmpegsumo-debuginfo-48.0.2564.109-125.1
References:
    https://www.suse.com/security/cve/CVE-2016-1622.html
    https://www.suse.com/security/cve/CVE-2016-1623.html
    https://www.suse.com/security/cve/CVE-2016-1624.html
    https://www.suse.com/security/cve/CVE-2016-1625.html
    https://www.suse.com/security/cve/CVE-2016-1626.html
    https://www.suse.com/security/cve/CVE-2016-1627.html
    https://bugzilla.suse.com/965566
    https://bugzilla.suse.com/965738
    https://bugzilla.suse.com/965999
    https://bugzilla.suse.com/966082