Mailinglist Archive: opensuse-security-announce (65 mails)

< Previous Next >
[security-announce] openSUSE-SU-2017:0740-1: important: Security update for Chromium
openSUSE Security Update: Security update for Chromium

Announcement ID: openSUSE-SU-2017:0740-1
Rating: important
References: #1028848
Cross-References: CVE-2017-5029 CVE-2017-5030 CVE-2017-5031
CVE-2017-5032 CVE-2017-5033 CVE-2017-5034
CVE-2017-5035 CVE-2017-5036 CVE-2017-5037
CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
CVE-2017-5041 CVE-2017-5042 CVE-2017-5043
CVE-2017-5044 CVE-2017-5045 CVE-2017-5046

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 18 vulnerabilities is now available.


Chromium was updated to 57.0.2987.98 to fix security issues and bugs.

The following vulnerabilities were fixed (bsc#1028848):

- CVE-2017-5030: Memory corruption in V8
- CVE-2017-5031: Use after free in ANGLE
- CVE-2017-5032: Out of bounds write in PDFium
- CVE-2017-5029: Integer overflow in libxslt
- CVE-2017-5034: Use after free in PDFium
- CVE-2017-5035: Incorrect security UI in Omnibox
- CVE-2017-5036: Use after free in PDFium
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer
- CVE-2017-5039: Use after free in PDFium
- CVE-2017-5040: Information disclosure in V8
- CVE-2017-5041: Address spoofing in Omnibox
- CVE-2017-5033: Bypass of Content Security Policy in Blink
- CVE-2017-5042: Incorrect handling of cookies in Cast
- CVE-2017-5038: Use after free in GuestView
- CVE-2017-5043: Use after free in GuestView
- CVE-2017-5044: Heap overflow in Skia
- CVE-2017-5045: Information disclosure in XSS Auditor
- CVE-2017-5046: Information disclosure in Blink

The following non-security changes are included:

- Address broken rendering on non-intel cards

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-353=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages