Mailinglist Archive: opensuse-security-announce (29 mails)

< Previous Next >
[security-announce] openSUSE-SU-2016:1868-1: important: Security update for Chromium
openSUSE Security Update: Security update for Chromium

Announcement ID: openSUSE-SU-2016:1868-1
Rating: important
References: #989901
Cross-References: CVE-2016-1705 CVE-2016-1706 CVE-2016-1707
CVE-2016-1708 CVE-2016-1709 CVE-2016-1710
CVE-2016-1711 CVE-2016-5127 CVE-2016-5128
CVE-2016-5129 CVE-2016-5130 CVE-2016-5131
CVE-2016-5132 CVE-2016-5133 CVE-2016-5134
CVE-2016-5135 CVE-2016-5136 CVE-2016-5137

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 18 vulnerabilities is now available.


Chromium was updated to 52.0.2743.82 to fix the following security issues

- CVE-2016-1706: Sandbox escape in PPAPI
- CVE-2016-1707: URL spoofing on iOS
- CVE-2016-1708: Use-after-free in Extensions
- CVE-2016-1709: Heap-buffer-overflow in sfntly
- CVE-2016-1710: Same-origin bypass in Blink
- CVE-2016-1711: Same-origin bypass in Blink
- CVE-2016-5127: Use-after-free in Blink
- CVE-2016-5128: Same-origin bypass in V8
- CVE-2016-5129: Memory corruption in V8
- CVE-2016-5130: URL spoofing
- CVE-2016-5131: Use-after-free in libxml
- CVE-2016-5132: Limited same-origin bypass in Service Workers
- CVE-2016-5133: Origin confusion in proxy authentication
- CVE-2016-5134: URL leakage via PAC script
- CVE-2016-5135: Content-Security-Policy bypass
- CVE-2016-5136: Use after free in extensions
- CVE-2016-5137: History sniffing with HSTS and CSP
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2016-900=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages