Bug 1008274 - (CVE-2016-5198) VUL-0: CVE-2016-5198: nodejs,chromium,v8: out of bounds memory access in v8
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Jordi Massaguer
Security Team bot
https://smash.suse.de/issue/174351/
CVSSv2:SUSE:CVE-2016-5198:6.8:(AV:N/A...
Reported: 2016-11-03 09:55 UTC by Andreas Stieger
Modified: 2020-11-10 21:20 UTC
Found By: Security Response Team
Description Andreas Stieger 2016-11-03 09:55:31 UTC
https://googlechromereleases.blogspot.de/2016/11/stable-channel-update-for-desktop.html

The stable channel has been updated to 54.0.2840.87 for Windows, Mac, and 54.0.2840.90

High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1391356
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5198
https://bugs.chromium.org/p/chromium/issues/detail?id=659475
Comment 1 Tomáš Chvátal 2016-11-03 11:35:49 UTC
Submissions done.
Comment 2 Bernhard Wiedemann 2016-11-03 13:00:49 UTC
This is an autogenerated message for OBS integration:
This bug (1008274) was mentioned in
https://build.opensuse.org/request/show/438516 Factory / chromium
https://build.opensuse.org/request/show/438518 13.2 / chromium
https://build.opensuse.org/request/show/438519 42.1 / chromium
https://build.opensuse.org/request/show/438520 Backports:SLE-12 / chromium
Comment 3 Andreas Stieger 2016-11-03 13:19:26 UTC
Need v8 for openSUSE Leap 42.2 please
Comment 4 Swamp Workflow Management 2016-11-03 23:01:49 UTC
bugbot adjusting priority
Comment 5 Andreas Stieger 2016-11-04 16:44:53 UTC
Michael, ping for response for
network:chromium/v8
openSUSE:Leap:42.2:Update/v8
Comment 6 Swamp Workflow Management 2016-11-04 20:07:06 UTC
openSUSE-SU-2016:2732-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1008274
CVE References: CVE-2016-5198
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-54.0.2840.90-112.1
Comment 7 Swamp Workflow Management 2016-11-04 20:07:19 UTC
openSUSE-SU-2016:2733-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1008274
CVE References: CVE-2016-5198
Sources used:
openSUSE Leap 42.1 (src):    chromium-54.0.2840.90-85.1
openSUSE 13.2 (src):    chromium-54.0.2840.90-134.1
Comment 8 Bernhard Wiedemann 2016-11-06 15:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (1008274) was mentioned in
https://build.opensuse.org/request/show/438926 Factory / chromium
Comment 9 Bernhard Wiedemann 2016-11-08 09:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (1008274) was mentioned in
https://build.opensuse.org/request/show/439118 Factory / chromium
Comment 10 Marcus Meissner 2016-12-02 14:20:05 UTC
I am adding nodejs.
Comment 11 Bernhard Wiedemann 2016-12-03 11:00:23 UTC
This is an autogenerated message for OBS integration:
This bug (1008274) was mentioned in
https://build.opensuse.org/request/show/443536 Factory / chromium