openSUSE: 2023:0421-1 Critical: Firefox Buffer Overflow Vulnerability
opensuse
March 18, 2017
An update that fixes 18 vulnerabilities is now available
Description
Chromium was updated to 57.0.2987.98 to fix security issues and bugs.
The following vulnerabilities were fixed (bsc#1028848):
- CVE-2017-5030: Memory corruption in V8
- CVE-2017-5031: Use after free in ANGLE
- CVE-2017-5032: Out of bounds write in PDFium
- CVE-2017-5029: Integer overflow in libxslt
- CVE-2017-5034: Use after free in PDFium
- CVE-2017-5035: Incorrect security UI in Omnibox
- CVE-2017-5036: Use after free in PDFium
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer
- CVE-2017-5039: Use after free in PDFium
- CVE-2017-5040: Information disclosure in V8
- CVE-2017-5041: Address spoofing in Omnibox
- CVE-2017-5033: Bypass of Content Security Policy in Blink
- CVE-2017-5042: Incorrect handling of cookies in Cast
- CVE-2017-5038: Use after free in GuestView
- CVE-2017-5043: Use after free in GuestView
- CVE-2017-5044: Heap overflow in Skia
- CVE-2017-5045: Information disclosure in XSS Auditor
-...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-353=1
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-353=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.2 (x86_64):
chromedriver-57.0.2987.98-105.2
chromedriver-debuginfo-57.0.2987.98-105.2
chromium-57.0.2987.98-105.2
chromium-debuginfo-57.0.2987.98-105.2
chromium-debugsource-57.0.2987.98-105.2
- openSUSE Leap 42.1 (x86_64):
chromedriver-57.0.2987.98-105.2
chromedriver-debuginfo-57.0.2987.98-105.2
chromium-57.0.2987.98-105.2
chromium-debuginfo-57.0.2987.98-105.2
chromium-debugsource-57.0.2987.98-105.2
References
https://www.suse.com/security/cve/CVE-2017-5029.html
https://www.suse.com/security/cve/CVE-2017-5030.html
https://www.suse.com/security/cve/CVE-2017-5031.html
https://www.suse.com/security/cve/CVE-2017-5032.html
https://www.suse.com/security/cve/CVE-2017-5033.html
https://www.suse.com/security/cve/CVE-2017-5034.html
https://www.suse.com/security/cve/CVE-2017-5035.html
https://www.suse.com/security/cve/CVE-2017-5036.html
https://www.suse.com/security/cve/CVE-2017-5037.html
https://www.suse.com/security/cve/CVE-2017-5038.html
https://www.suse.com/security/cve/CVE-2017-5039.html
https://www.suse.com/security/cve/CVE-2017-5040.html
https://www.suse.com/security/cve/CVE-2017-5041.html
https://www.suse.com/security/cve/CVE-2017-5042.html
https://www.suse.com/security/cve/CVE-2017-5043.html
https://www.suse.com/security/cve/CVE-2017-5044.html
https://www.suse.com/security/cve/CVE-2017-5045.html
https://www.suse.com/security/cve/CVE-2017-5046.html
https://bugzilla.suse.com/1028848
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:0738-1
Rating: important
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!