Bug 998743 - VUL-0: chromium: multiple vulnerabilities fixed in 53.0.2785.113
VUL-0: chromium: multiple vulnerabilities fixed in 53.0.2785.113
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Major
: unspecified
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-14 07:37 UTC by Tomáš Chvátal
Modified: 2019-12-11 20:32 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Chvátal 2016-09-14 07:37:54 UTC
Copy&paste from release announcement:

[$TBD][641101] High CVE-2016-5170: Use after free in Blink. Credit to Anonymous
[$TBD][643357] High CVE-2016-5171: Use after free in Blink. Credit to Anonymous
[$TBD][616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han
[$3000][468931] Medium CVE-2016-5173: Extension resource access. Credit to Anonymous
[$1000][579934] Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. 
 As usual, our ongoing internal security work was responsible for a wide range of fixes:
[646394] CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.
Comment 2 Bernhard Wiedemann 2016-09-14 08:00:41 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/427466 Factory / chromium
https://build.opensuse.org/request/show/427467 13.2 / chromium
https://build.opensuse.org/request/show/427469 42.1 / chromium
Comment 3 Andreas Stieger 2016-09-14 08:08:28 UTC
All submitted. Copies for openSUSE:Backports:SLE-12/chromium :-)
Comment 4 Andreas Stieger 2016-09-14 21:28:48 UTC
done
Comment 5 Swamp Workflow Management 2016-09-15 01:09:10 UTC
openSUSE-SU-2016:2309-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 998328,998743
CVE References: CVE-2016-5170,CVE-2016-5171,CVE-2016-5172,CVE-2016-5173,CVE-2016-5174,CVE-2016-5175
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-53.0.2785.113-100.1
Comment 6 Swamp Workflow Management 2016-09-15 01:09:24 UTC
openSUSE-SU-2016:2310-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 998743
CVE References: CVE-2016-5170,CVE-2016-5171,CVE-2016-5172,CVE-2016-5173,CVE-2016-5174,CVE-2016-5175
Sources used:
openSUSE 13.2 (src):    chromium-53.0.2785.113-123.1
Comment 7 Swamp Workflow Management 2016-09-15 01:09:46 UTC
openSUSE-SU-2016:2311-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 998328,998743
CVE References: CVE-2016-5170,CVE-2016-5171,CVE-2016-5172,CVE-2016-5173,CVE-2016-5174,CVE-2016-5175
Sources used:
openSUSE Leap 42.1 (src):    chromium-53.0.2785.113-74.1
Comment 8 Bernhard Wiedemann 2016-09-15 14:01:02 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/427938 Factory / chromium
Comment 9 Bernhard Wiedemann 2016-10-13 12:01:14 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/434712 13.2 / chromium
https://build.opensuse.org/request/show/434713 42.1 / chromium
https://build.opensuse.org/request/show/434714 Factory / chromium
Comment 10 Swamp Workflow Management 2018-09-20 13:12:35 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/636889 42.3+Backports:SLE-12 / nodejs8
Comment 11 Swamp Workflow Management 2018-10-17 10:42:54 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/642571 42.3+Backports:SLE-12 / nodejs8
Comment 12 Swamp Workflow Management 2018-11-16 14:03:18 UTC
This is an autogenerated message for OBS integration:
This bug (998743) was mentioned in
https://build.opensuse.org/request/show/649577 Backports:SLE-12-SP2 / nodejs8
Comment 15 Swamp Workflow Management 2019-12-11 20:32:39 UTC
SUSE-SU-2019:14246-1: An update that fixes 118 vulnerabilities is now available.

Category: security (important)
Bug References: 1000036,1001652,1025108,1029377,1029902,1040164,104105,1042670,1043008,1044946,1047925,1047936,1048299,1049186,1050653,1056058,1058013,1066242,1066953,1070738,1070853,1072320,1072322,1073796,1073798,1073799,1073803,1073808,1073818,1073823,1073829,1073830,1073832,1073846,1074235,1077230,1079761,1081750,1082318,1087453,1087459,1087463,1088573,1091764,1094814,1097158,1097375,1097401,1097404,1097748,1104841,1105019,1107030,1109465,1117473,1117626,1117627,1117629,1117630,1120644,1122191,1123482,1124525,1127532,1129346,1130694,1130840,1133452,1133810,1134209,1138459,1140290,1140868,1141853,1144919,1145665,1146090,1146091,1146093,1146094,1146095,1146097,1146099,1146100,1149323,1153423,1154738,1447070,1447409,744625,744629,845955,865853,905528,917607,935856,937414,947747,948045,948602,955142,957814,957815,961254,962297,966076,966077,985201,986541,991344,998743
CVE References: CVE-2013-2882,CVE-2013-6639,CVE-2013-6640,CVE-2013-6668,CVE-2014-0224,CVE-2015-3193,CVE-2015-3194,CVE-2015-5380,CVE-2015-7384,CVE-2016-2086,CVE-2016-2178,CVE-2016-2183,CVE-2016-2216,CVE-2016-5172,CVE-2016-5325,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7099,CVE-2017-1000381,CVE-2017-10686,CVE-2017-11111,CVE-2017-11499,CVE-2017-14228,CVE-2017-14849,CVE-2017-14919,CVE-2017-15896,CVE-2017-15897,CVE-2017-17810,CVE-2017-17811,CVE-2017-17812,CVE-2017-17813,CVE-2017-17814,CVE-2017-17815,CVE-2017-17816,CVE-2017-17817,CVE-2017-17818,CVE-2017-17819,CVE-2017-17820,CVE-2017-18207,CVE-2017-3735,CVE-2017-3736,CVE-2017-3738,CVE-2018-0732,CVE-2018-1000168,CVE-2018-12115,CVE-2018-12116,CVE-2018-12121,CVE-2018-12122,CVE-2018-12123,CVE-2018-20406,CVE-2018-20852,CVE-2018-7158,CVE-2018-7159,CVE-2018-7160,CVE-2018-7161,CVE-2018-7167,CVE-2019-10160,CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11718,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-11757,CVE-2019-11758,CVE-2019-11759,CVE-2019-11760,CVE-2019-11761,CVE-2019-11762,CVE-2019-11763,CVE-2019-11764,CVE-2019-13173,CVE-2019-15903,CVE-2019-5010,CVE-2019-5737,CVE-2019-9511,CVE-2019-9512,CVE-2019-9513,CVE-2019-9514,CVE-2019-9515,CVE-2019-9516,CVE-2019-9517,CVE-2019-9518,CVE-2019-9636,CVE-2019-9811,CVE-2019-9812,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-68.2.0-78.51.4, MozillaFirefox-branding-SLED-68-21.9.8, firefox-atk-2.26.1-2.8.4, firefox-cairo-1.15.10-2.13.4, firefox-gcc5-5.3.1+r233831-14.1, firefox-gcc8-8.2.1+r264010-2.5.1, firefox-gdk-pixbuf-2.36.11-2.8.4, firefox-glib2-2.54.3-2.14.7, firefox-gtk3-3.10.9-2.15.3, firefox-harfbuzz-1.7.5-2.7.4, firefox-libffi-3.2.1.git259-2.3.3, firefox-libffi-gcc5-5.3.1+r233831-14.1, firefox-pango-1.40.14-2.7.4, mozilla-nspr-4.21-29.6.1, mozilla-nss-3.45-38.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.