Bug 1028848 - VUL-0: chromium: Security update of chromium to 57.0.2987.98
VUL-0: chromium: Security update of chromium to 57.0.2987.98
Status: RESOLVED FIXED
: CVE-2017-5030 (view as bug list)
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-10 10:54 UTC by Tomáš Chvátal
Modified: 2017-03-17 23:09 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Chvátal 2017-03-10 10:54:18 UTC
As per upstream released new chromium with bunch of CVE's:

https://chromereleases.googleblog.com/


[$7500][682194] High CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
[$5000][682020] High CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
[$3000][668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti
[$3000][676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
[$3000][678461] High CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
[$3000][688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
[$3000][691371] High CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
[$1000][679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com)
[$500][679649] High CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
[$2000][691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
[$1000][642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
[$1000][669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum
[$1000][671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
[$1000][695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
[$1000][683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
[$1000][688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs
[$500][667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
[$500][680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
Comment 1 Marcus Meissner 2017-03-10 12:48:18 UTC
*** Bug 1028875 has been marked as a duplicate of this bug. ***
Comment 2 Bernhard Wiedemann 2017-03-10 13:00:58 UTC
This is an autogenerated message for OBS integration:
This bug (1028848) was mentioned in
https://build.opensuse.org/request/show/478469 Factory / chromium
https://build.opensuse.org/request/show/478470 42.2 / chromium
https://build.opensuse.org/request/show/478471 42.1 / chromium
Comment 3 Bernhard Wiedemann 2017-03-11 11:01:16 UTC
This is an autogenerated message for OBS integration:
This bug (1028848) was mentioned in
https://build.opensuse.org/request/show/478650 Backports:SLE-12-SP2 / chromium
Comment 4 Andreas Stieger 2017-03-14 14:03:46 UTC
Current GotoMeeting sais it does not support this version of Chromium (yet), and that their fix is imminent.
Comment 5 Andreas Stieger 2017-03-17 20:07:55 UTC
release
Comment 6 Swamp Workflow Management 2017-03-17 23:09:04 UTC
openSUSE-SU-2017:0738-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1028848
CVE References: CVE-2017-5029,CVE-2017-5030,CVE-2017-5031,CVE-2017-5032,CVE-2017-5033,CVE-2017-5034,CVE-2017-5035,CVE-2017-5036,CVE-2017-5037,CVE-2017-5038,CVE-2017-5039,CVE-2017-5040,CVE-2017-5041,CVE-2017-5042,CVE-2017-5043,CVE-2017-5044,CVE-2017-5045,CVE-2017-5046
Sources used:
openSUSE Leap 42.2 (src):    chromium-57.0.2987.98-105.2
openSUSE Leap 42.1 (src):    chromium-57.0.2987.98-105.2
Comment 7 Swamp Workflow Management 2017-03-17 23:09:32 UTC
openSUSE-SU-2017:0740-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1028848
CVE References: CVE-2017-5029,CVE-2017-5030,CVE-2017-5031,CVE-2017-5032,CVE-2017-5033,CVE-2017-5034,CVE-2017-5035,CVE-2017-5036,CVE-2017-5037,CVE-2017-5038,CVE-2017-5039,CVE-2017-5040,CVE-2017-5041,CVE-2017-5042,CVE-2017-5043,CVE-2017-5044,CVE-2017-5045,CVE-2017-5046
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-57.0.2987.98-8.1