Mailinglist Archive: opensuse-security-announce (75 mails)

< Previous Next >
[security-announce] SUSE-SU-2016:2598-1: important: Security update for Chromium
SUSE Security Update: Security update for Chromium

Announcement ID: SUSE-SU-2016:2598-1
Rating: important
References: #1000019 #1004465
Cross-References: CVE-2016-5181 CVE-2016-5182 CVE-2016-5183
CVE-2016-5184 CVE-2016-5185 CVE-2016-5186
CVE-2016-5187 CVE-2016-5188 CVE-2016-5189
CVE-2016-5190 CVE-2016-5191 CVE-2016-5192
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 13 vulnerabilities is now available.


Chromium was updated to 54.0.2840.59 to fix security issues and bugs.

The following security issues are fixed (bnc#1004465):

- CVE-2016-5181: Universal XSS in Blink
- CVE-2016-5182: Heap overflow in Blink
- CVE-2016-5183: Use after free in PDFium
- CVE-2016-5184: Use after free in PDFium
- CVE-2016-5185: Use after free in Blink
- CVE-2016-5187: URL spoofing
- CVE-2016-5188: UI spoofing
- CVE-2016-5192: Cross-origin bypass in Blink
- CVE-2016-5189: URL spoofing
- CVE-2016-5186: Out of bounds read in DevTools
- CVE-2016-5191: Universal XSS in Bookmarks
- CVE-2016-5190: Use after free in Internals
- CVE-2016-5193: Scheme bypass

The following bugs were fixed:

- bnc#1000019: display issues in full screen mode, add
--ui-disable-partial-swap to the launcher

The following packaging changes are included:

- The desktop sub-packages are no obsolete
- The package now uses the system variants of some bundled libraries
- The hangouts extension is now built

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch 5717=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages