Bugzilla – Bug 1028848
VUL-0: chromium: Security update of chromium to 57.0.2987.98
Last modified: 2017-03-17 23:09:32 UTC
As per upstream released new chromium with bunch of CVE's: https://chromereleases.googleblog.com/ [$7500][682194] High CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka [$5000][682020] High CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang [$3000][668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti [$3000][676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek [$3000][678461] High CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB [$3000][688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado [$3000][691371] High CVE-2017-5036: Use after free in PDFium. Credit to Anonymous [$1000][679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) [$500][679649] High CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 [$2000][691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han [$1000][642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel [$1000][669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum [$1000][671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy [$1000][695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to Anonymous [$1000][683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to Anonymous [$1000][688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs [$500][667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire) [$500][680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
*** Bug 1028875 has been marked as a duplicate of this bug. ***
This is an autogenerated message for OBS integration: This bug (1028848) was mentioned in https://build.opensuse.org/request/show/478469 Factory / chromium https://build.opensuse.org/request/show/478470 42.2 / chromium https://build.opensuse.org/request/show/478471 42.1 / chromium
This is an autogenerated message for OBS integration: This bug (1028848) was mentioned in https://build.opensuse.org/request/show/478650 Backports:SLE-12-SP2 / chromium
Current GotoMeeting sais it does not support this version of Chromium (yet), and that their fix is imminent.
release
openSUSE-SU-2017:0738-1: An update that fixes 18 vulnerabilities is now available. Category: security (important) Bug References: 1028848 CVE References: CVE-2017-5029,CVE-2017-5030,CVE-2017-5031,CVE-2017-5032,CVE-2017-5033,CVE-2017-5034,CVE-2017-5035,CVE-2017-5036,CVE-2017-5037,CVE-2017-5038,CVE-2017-5039,CVE-2017-5040,CVE-2017-5041,CVE-2017-5042,CVE-2017-5043,CVE-2017-5044,CVE-2017-5045,CVE-2017-5046 Sources used: openSUSE Leap 42.2 (src): chromium-57.0.2987.98-105.2 openSUSE Leap 42.1 (src): chromium-57.0.2987.98-105.2
openSUSE-SU-2017:0740-1: An update that fixes 18 vulnerabilities is now available. Category: security (important) Bug References: 1028848 CVE References: CVE-2017-5029,CVE-2017-5030,CVE-2017-5031,CVE-2017-5032,CVE-2017-5033,CVE-2017-5034,CVE-2017-5035,CVE-2017-5036,CVE-2017-5037,CVE-2017-5038,CVE-2017-5039,CVE-2017-5040,CVE-2017-5041,CVE-2017-5042,CVE-2017-5043,CVE-2017-5044,CVE-2017-5045,CVE-2017-5046 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): chromium-57.0.2987.98-8.1