Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

openSUSE: 2017:3245-1 Important: Chromium Security Issues Detected

opensuse
Calendar Grey December 8, 2017
Dist Opensuse Esm H88
An essential upgrade has been launched for chromium, tackling several critical vulnerabilities impacting Fedora.
An update that fixes 41 vulnerabilities is now available

Description

This update to Chromium 63.0.3239.84 fixes the following security issues:

- CVE-2017-5124: UXSS with MHTML

- CVE-2017-5125: Heap overflow in Skia

- CVE-2017-5126: Use after free in PDFium

- CVE-2017-5127: Use after free in PDFium

- CVE-2017-5128: Heap overflow in WebGL

- CVE-2017-5129: Use after free in WebAudio

- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.

- CVE-2017-5130: Heap overflow in libxml2

- CVE-2017-5131: Out of bounds write in Skia

- CVE-2017-5133: Out of bounds write in Skia

- CVE-2017-15386: UI spoofing in Blink

- CVE-2017-15387: Content security bypass

- CVE-2017-15388: Out of bounds read in Skia

- CVE-2017-15389: URL spoofing in OmniBox

- CVE-2017-15390: URL spoofing in OmniBox

- CVE-2017-15391: Extension limitation bypass in Extensions.

- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration

- CVE-2017-15393: Referrer leak in Devtools

- CVE-2017-15394: URL spoofing in...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security update important multiple issues web browser openSUSE chromium

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1352=1

To bring your system up-to-date, use "zypper patch".

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

chromedriver-63.0.3239.84-40.1

chromium-63.0.3239.84-40.1

References

https://www.suse.com/security/cve/CVE-2017-15386.html

https://www.suse.com/security/cve/CVE-2017-15387.html

https://www.suse.com/security/cve/CVE-2017-15388.html

https://www.suse.com/security/cve/CVE-2017-15389.html

https://www.suse.com/security/cve/CVE-2017-15390.html

https://www.suse.com/security/cve/CVE-2017-15391.html

https://www.suse.com/security/cve/CVE-2017-15392.html

https://www.suse.com/security/cve/CVE-2017-15393.html

https://www.suse.com/security/cve/CVE-2017-15394.html

https://www.suse.com/security/cve/CVE-2017-15395.html

https://www.suse.com/security/cve/CVE-2017-15396.html

https://www.suse.com/security/cve/CVE-2017-15398.html

https://www.suse.com/security/cve/CVE-2017-15399.html

https://www.suse.com/security/cve/CVE-2017-15408.html

https://www.suse.com/security/cve/CVE-2017-15409.html

https://www.suse.com/security/cve/CVE-2017-15410.html

https://www.suse.com/security/cve/CVE-2017-15411.html

https://www.suse.com/security/cve/CVE-2017-15412.html

https://www.suse.com/security/cve/CVE-2017-154...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:3245-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 .

Topics%20covered

Topics Covered

security advisory security update important multiple issues web browser openSUSE chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here