Bug 1002140 - (CVE-2016-5177) VUL-0: CVE-2016-5177,CVE-2016-5178: chromium: 53.0.2785.143 update contains 3 security fixes
(CVE-2016-5177)
VUL-0: CVE-2016-5177,CVE-2016-5178: chromium: 53.0.2785.143 update contains 3...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: unspecified
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-30 07:57 UTC by Tomáš Chvátal
Modified: 2016-10-13 12:00 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Chvátal 2016-09-30 07:57:03 UTC
https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_29.html


This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information
 [$5000][642496] High CVE-2016-5177: Use after free in V8. Credit to Anonymous
 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. 
 As usual, our ongoing internal security work was responsible for a wide range of fixes:
[651092] CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives.
Comment 1 Bernhard Wiedemann 2016-09-30 10:00:42 UTC
This is an autogenerated message for OBS integration:
This bug (1002140) was mentioned in
https://build.opensuse.org/request/show/431468 Factory / chromium
https://build.opensuse.org/request/show/431469 13.2 / chromium
https://build.opensuse.org/request/show/431470 42.1 / chromium
Comment 2 Andreas Stieger 2016-09-30 11:33:11 UTC
incident is running.
Comment 3 Andreas Stieger 2016-10-04 07:44:57 UTC
released, 42.2 will be picked up
Comment 4 Bernhard Wiedemann 2016-10-04 08:00:31 UTC
This is an autogenerated message for OBS integration:
This bug (1002140) was mentioned in
https://build.opensuse.org/request/show/433068 42.2 / chromium
Comment 5 Swamp Workflow Management 2016-10-04 11:08:55 UTC
openSUSE-SU-2016:2429-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1001135,1002140,999091
CVE References: CVE-2016-5177,CVE-2016-5178
Sources used:
openSUSE Leap 42.1 (src):    chromium-53.0.2785.143-79.2
openSUSE 13.2 (src):    chromium-53.0.2785.143-128.1
Comment 6 Swamp Workflow Management 2016-10-04 11:10:19 UTC
openSUSE-SU-2016:2432-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1001135,1002140,999091
CVE References: CVE-2016-5177,CVE-2016-5178
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-53.0.2785.143-106.1
Comment 7 Bernhard Wiedemann 2016-10-13 12:00:38 UTC
This is an autogenerated message for OBS integration:
This bug (1002140) was mentioned in
https://build.opensuse.org/request/show/434712 13.2 / chromium
https://build.opensuse.org/request/show/434713 42.1 / chromium
https://build.opensuse.org/request/show/434714 Factory / chromium