openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1869-1
Rating:             important
References:         #989901 
Cross-References:   CVE-2016-1705 CVE-2016-1706 CVE-2016-1707
                    CVE-2016-1708 CVE-2016-1709 CVE-2016-1710
                    CVE-2016-1711 CVE-2016-5127 CVE-2016-5128
                    CVE-2016-5129 CVE-2016-5130 CVE-2016-5131
                    CVE-2016-5132 CVE-2016-5133 CVE-2016-5134
                    CVE-2016-5135 CVE-2016-5136 CVE-2016-5137
                   
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   Chromium was updated to 52.0.2743.82 to fix the following security issues
   (boo#989901):

   - CVE-2016-1706: Sandbox escape in PPAPI
   - CVE-2016-1707: URL spoofing on iOS
   - CVE-2016-1708: Use-after-free in Extensions
   - CVE-2016-1709: Heap-buffer-overflow in sfntly
   - CVE-2016-1710: Same-origin bypass in Blink
   - CVE-2016-1711: Same-origin bypass in Blink
   - CVE-2016-5127: Use-after-free in Blink
   - CVE-2016-5128: Same-origin bypass in V8
   - CVE-2016-5129: Memory corruption in V8
   - CVE-2016-5130: URL spoofing
   - CVE-2016-5131: Use-after-free in libxml
   - CVE-2016-5132: Limited same-origin bypass in Service Workers   - CVE-2016-5133: Origin confusion in proxy authentication
   - CVE-2016-5134: URL leakage via PAC script
   - CVE-2016-5135: Content-Security-Policy bypass
   - CVE-2016-5136: Use after free in extensions
   - CVE-2016-5137: History sniffing with HSTS and CSP
   - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
     initiatives


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-900=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (x86_64):

      chromedriver-52.0.2743.82-61.1
      chromium-52.0.2743.82-61.1
      chromium-desktop-gnome-52.0.2743.82-61.1
      chromium-desktop-kde-52.0.2743.82-61.1
      chromium-ffmpegsumo-52.0.2743.82-61.1


References:

   https://www.suse.com/security/cve/CVE-2016-1705.html
   https://www.suse.com/security/cve/CVE-2016-1706.html
   https://www.suse.com/security/cve/CVE-2016-1707.html
   https://www.suse.com/security/cve/CVE-2016-1708.html
   https://www.suse.com/security/cve/CVE-2016-1709.html
   https://www.suse.com/security/cve/CVE-2016-1710.html
   https://www.suse.com/security/cve/CVE-2016-1711.html
   https://www.suse.com/security/cve/CVE-2016-5127.html
   https://www.suse.com/security/cve/CVE-2016-5128.html
   https://www.suse.com/security/cve/CVE-2016-5129.html
   https://www.suse.com/security/cve/CVE-2016-5130.html
   https://www.suse.com/security/cve/CVE-2016-5131.html
   https://www.suse.com/security/cve/CVE-2016-5132.html
   https://www.suse.com/security/cve/CVE-2016-5133.html
   https://www.suse.com/security/cve/CVE-2016-5134.html
   https://www.suse.com/security/cve/CVE-2016-5135.html
   https://www.suse.com/security/cve/CVE-2016-5136.html
   https://www.suse.com/security/cve/CVE-2016-5137.html
   https://bugzilla.suse.com/989901

openSUSE: 2016:1869-1: important: Chromium

July 25, 2016
An update that fixes 18 vulnerabilities is now available

Description

Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901): - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in Blink - CVE-2016-1711: Same-origin bypass in Blink - CVE-2016-5127: Use-after-free in Blink - CVE-2016-5128: Same-origin bypass in V8 - CVE-2016-5129: Memory corruption in V8 - CVE-2016-5130: URL spoofing - CVE-2016-5131: Use-after-free in libxml - CVE-2016-5132: Limited same-origin bypass in Service Workers - CVE-2016-5133: Origin confusion in proxy authentication - CVE-2016-5134: URL leakage via PAC script - CVE-2016-5135: Content-Security-Policy bypass - CVE-2016-5136: Use after free in extensions - CVE-2016-5137: History sniffing with HSTS and CSP - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-900=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.1 (x86_64): chromedriver-52.0.2743.82-61.1 chromium-52.0.2743.82-61.1 chromium-desktop-gnome-52.0.2743.82-61.1 chromium-desktop-kde-52.0.2743.82-61.1 chromium-ffmpegsumo-52.0.2743.82-61.1


References

https://www.suse.com/security/cve/CVE-2016-1705.html https://www.suse.com/security/cve/CVE-2016-1706.html https://www.suse.com/security/cve/CVE-2016-1707.html https://www.suse.com/security/cve/CVE-2016-1708.html https://www.suse.com/security/cve/CVE-2016-1709.html https://www.suse.com/security/cve/CVE-2016-1710.html https://www.suse.com/security/cve/CVE-2016-1711.html https://www.suse.com/security/cve/CVE-2016-5127.html https://www.suse.com/security/cve/CVE-2016-5128.html https://www.suse.com/security/cve/CVE-2016-5129.html https://www.suse.com/security/cve/CVE-2016-5130.html https://www.suse.com/security/cve/CVE-2016-5131.html https://www.suse.com/security/cve/CVE-2016-5132.html https://www.suse.com/security/cve/CVE-2016-5133.html https://www.suse.com/security/cve/CVE-2016-5134.html https://www.suse.com/security/cve/CVE-2016-5135.html https://www.suse.com/security/cve/CVE-2016-5136.html https://www.suse.com/security/cve/CVE-2016-5137.html https://bugzilla.suse.com/989901


Severity
Announcement ID: openSUSE-SU-2016:1869-1
Rating: important
Affected Products: openSUSE Leap 42.1 .

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved