openSUSE: 2017:2902-1: important: chromium
Description
This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: Null pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1221=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1221=1 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.3 (x86_64): chromedriver-62.0.3202.75-118.1 chromedriver-debuginfo-62.0.3202.75-118.1 chromium-62.0.3202.75-118.1 chromium-debuginfo-62.0.3202.75-118.1 chromium-debugsource-62.0.3202.75-118.1 - openSUSE Leap 42.2 (x86_64): chromedriver-62.0.3202.75-104.32.1 chromedriver-debuginfo-62.0.3202.75-104.32.1 chromium-62.0.3202.75-104.32.1 chromium-debuginfo-62.0.3202.75-104.32.1 chromium-debugsource-62.0.3202.75-104.32.1
References
https://www.suse.com/security/cve/CVE-2017-15386.html https://www.suse.com/security/cve/CVE-2017-15387.html https://www.suse.com/security/cve/CVE-2017-15388.html https://www.suse.com/security/cve/CVE-2017-15389.html https://www.suse.com/security/cve/CVE-2017-15390.html https://www.suse.com/security/cve/CVE-2017-15391.html https://www.suse.com/security/cve/CVE-2017-15392.html https://www.suse.com/security/cve/CVE-2017-15393.html https://www.suse.com/security/cve/CVE-2017-15394.html https://www.suse.com/security/cve/CVE-2017-15395.html https://www.suse.com/security/cve/CVE-2017-15396.html https://www.suse.com/security/cve/CVE-2017-5124.html https://www.suse.com/security/cve/CVE-2017-5125.html https://www.suse.com/security/cve/CVE-2017-5126.html https://www.suse.com/security/cve/CVE-2017-5127.html https://www.suse.com/security/cve/CVE-2017-5128.html https://www.suse.com/security/cve/CVE-2017-5129.html https://www.suse.com/security/cve/CVE-2017-5130.html https://www.suse.com/security/cve/CVE-2017-5131.html https://www.suse.com/security/cve/CVE-2017-5132.html https://www.suse.com/security/cve/CVE-2017-5133.html https://bugzilla.suse.com/1064066 https://bugzilla.suse.com/1065405