
openSUSE 42.1 Security Update: 2016:1869-1 Important Chromium Fixes

opensuse
July 25, 2016
An update that fixes 18 vulnerabilities is now available

Description

Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901):

- CVE-2016-1706: Sandbox escape in PPAPI

- CVE-2016-1707: URL spoofing on iOS

- CVE-2016-1708: Use-after-free in Extensions

- CVE-2016-1709: Heap-buffer-overflow in sfntly

- CVE-2016-1710: Same-origin bypass in Blink

- CVE-2016-1711: Same-origin bypass in Blink

- CVE-2016-5127: Use-after-free in Blink

- CVE-2016-5128: Same-origin bypass in V8

- CVE-2016-5129: Memory corruption in V8

- CVE-2016-5130: URL spoofing

- CVE-2016-5131: Use-after-free in libxml

- CVE-2016-5132: Limited same-origin bypass in Service Workers

- CVE-2016-5133: Origin confusion in proxy authentication

- CVE-2016-5134: URL leakage via PAC script

- CVE-2016-5135: Content-Security-Policy bypass

- CVE-2016-5136: Use after free in extensions

- CVE-2016-5137: History sniffing with HSTS and CSP

- CVE-2016-1705: Various fixes from internal audits, fuzzing and other

...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-900=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (x86_64):

chromedriver-52.0.2743.82-61.1

chromium-52.0.2743.82-61.1

chromium-desktop-gnome-52.0.2743.82-61.1

chromium-desktop-kde-52.0.2743.82-61.1

chromium-ffmpegsumo-52.0.2743.82-61.1
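
To confirm the update landed after running the commands above, the installed packages can be compared against the fixed version in the package list. This is an added example, not part of the openSUSE advisory; the function names are illustrative, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: audit the packages named in openSUSE-SU-2016:1869-1.
# FIXED and PACKAGES are taken from the advisory's package list.
FIXED="52.0.2743.82-61.1"
PACKAGES="chromedriver chromium chromium-desktop-gnome chromium-desktop-kde chromium-ffmpegsumo"

# version_ge A B: succeed when A >= B.
# Assumption: GNU `sort -V` ordering stands in for RPM's own comparison
# (adequate for these dotted numeric version-release strings, no epochs).
version_ge() {
    if [ "$1" = "$2" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify INSTALLED: print fixed, vulnerable or not-installed.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_ge "$1" "$FIXED"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# audit: query the RPM database for each package and report its status.
# Returns non-zero if any installed package is older than FIXED.
audit() {
    rc=0
    for pkg in $PACKAGES; do
        ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || ver=""
        status=$(classify "$ver")
        printf '%-26s %-22s %s\n' "$pkg" "${ver:--}" "$status"
        if [ "$status" = "vulnerable" ]; then rc=1; fi
    done
    return $rc
}

# Run the audit only when asked, e.g.: sh check.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

A non-zero exit status from `audit` means at least one installed package still predates the fix, which makes the script usable in a compliance check or cron job.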

References

https://www.suse.com/security/cve/CVE-2016-1705.html

https://www.suse.com/security/cve/CVE-2016-1706.html

https://www.suse.com/security/cve/CVE-2016-1707.html

https://www.suse.com/security/cve/CVE-2016-1708.html

https://www.suse.com/security/cve/CVE-2016-1709.html

https://www.suse.com/security/cve/CVE-2016-1710.html

https://www.suse.com/security/cve/CVE-2016-1711.html

https://www.suse.com/security/cve/CVE-2016-5127.html

https://www.suse.com/security/cve/CVE-2016-5128.html

https://www.suse.com/security/cve/CVE-2016-5129.html

https://www.suse.com/security/cve/CVE-2016-5130.html

https://www.suse.com/security/cve/CVE-2016-5131.html

https://www.suse.com/security/cve/CVE-2016-5132.html

https://www.suse.com/security/cve/CVE-2016-5133.html

https://www.suse.com/security/cve/CVE-2016-5134.html

https://www.suse.com/security/cve/CVE-2016-5135.html

https://www.suse.com/security/cve/CVE-2016-5136.html

https://www.suse.com/security/cve/CVE-2016-5137.html

https://bugzilla.suse.com/989901

Severity
important

Announcement ID: openSUSE-SU-2016:1869-1
Rating: important
Affected Products: openSUSE Leap 42.1
