Bug 1050537 - VUL-0: chromium: multiple issues fixed in Chromium 60.0.3112.78
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other openSUSE 42.2
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
Reported: 2017-07-25 22:07 UTC by Andreas Stieger
Modified: 2017-07-29 14:52 UTC
Found By: Security Response Team
Description Andreas Stieger 2017-07-25 22:07:48 UTC
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

Chromium 60.0.3112.78 contains a number of fixes and improvements, including 40 security fixes.

- CVE-2017-5091: Use after free in IndexedDB
- CVE-2017-5092: Use after free in PPAPI
- CVE-2017-5093: UI spoofing in Blink
- CVE-2017-5094: Type confusion in extensions
- CVE-2017-5095: Out-of-bounds write in PDFium
- CVE-2017-5096: User information leak via Android intents
- CVE-2017-5097: Out-of-bounds read in Skia
- CVE-2017-5098: Use after free in V8
- CVE-2017-5099: Out-of-bounds write in PPAPI
- CVE-2017-5100: Use after free in Chrome Apps
- CVE-2017-5101: URL spoofing in OmniBox
- CVE-2017-5102: Uninitialized use in Skia
- CVE-2017-5103: Uninitialized use in Skia
- CVE-2017-5104: UI spoofing in browser
- CVE-2017-7000: Pointer disclosure in SQLite
- CVE-2017-5105: URL spoofing in OmniBox
- CVE-2017-5106: URL spoofing in OmniBox
- CVE-2017-5107: User information leak via SVG
- CVE-2017-5108: Type confusion in PDFium
- CVE-2017-5109: UI spoofing in browser
- CVE-2017-5110: UI spoofing in payments dialog
- Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Tomáš Chvátal 2017-07-26 13:34:21 UTC
Submissions done.
Comment 2 Bernhard Wiedemann 2017-07-26 14:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (1050537) was mentioned in
https://build.opensuse.org/request/show/512659 42.2 / chromium
https://build.opensuse.org/request/show/512660 42.3 / chromium
https://build.opensuse.org/request/show/512661 Backports:SLE-12-SP2 / chromium
https://build.opensuse.org/request/show/512664 Factory / chromium
Comment 3 Andreas Stieger 2017-07-28 12:59:10 UTC
release
Comment 4 Swamp Workflow Management 2017-07-28 16:07:46 UTC
openSUSE-SU-2017:1993-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1050537
CVE References: CVE-2017-5091,CVE-2017-5092,CVE-2017-5093,CVE-2017-5094,CVE-2017-5095,CVE-2017-5096,CVE-2017-5097,CVE-2017-5098,CVE-2017-5099,CVE-2017-5100,CVE-2017-5101,CVE-2017-5102,CVE-2017-5103,CVE-2017-5104,CVE-2017-5105,CVE-2017-5106,CVE-2017-5107,CVE-2017-5108,CVE-2017-5109,CVE-2017-5110,CVE-2017-7000
Sources used:
openSUSE Leap 42.3 (src):    chromium-60.0.3112.78-107.1
openSUSE Leap 42.2 (src):    chromium-60.0.3112.78-104.21.1
Comment 5 Swamp Workflow Management 2017-07-28 16:08:00 UTC
openSUSE-SU-2017:1994-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1050537
CVE References: CVE-2017-5091,CVE-2017-5092,CVE-2017-5093,CVE-2017-5094,CVE-2017-5095,CVE-2017-5096,CVE-2017-5097,CVE-2017-5098,CVE-2017-5099,CVE-2017-5100,CVE-2017-5101,CVE-2017-5102,CVE-2017-5103,CVE-2017-5104,CVE-2017-5105,CVE-2017-5106,CVE-2017-5107,CVE-2017-5108,CVE-2017-5109,CVE-2017-5110,CVE-2017-7000
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-60.0.3112.78-26.1