openSUSE Security Update: Security update for chromium

______________________________________________________________________________



Announcement ID: openSUSE-SU-2017:3244-1

Rating: important

References: #1071691

Cross-References: CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
                  CVE-2017-15411 CVE-2017-15412 CVE-2017-15413
                  CVE-2017-15415 CVE-2017-15416 CVE-2017-15417
                  CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
                  CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
                  CVE-2017-15425 CVE-2017-15426 CVE-2017-15427



Affected Products:
                  openSUSE Leap 42.3
                  openSUSE Leap 42.2

______________________________________________________________________________



An update that fixes 18 vulnerabilities is now available.



Description:



This update to Chromium 63.0.3239.84 fixes the following security issues:



- CVE-2017-15408: Heap buffer overflow in PDFium

- CVE-2017-15409: Out of bounds write in Skia

- CVE-2017-15410: Use after free in PDFium

- CVE-2017-15411: Use after free in PDFium

- CVE-2017-15412: Use after free in libXML

- CVE-2017-15413: Type confusion in WebAssembly

- CVE-2017-15415: Pointer information disclosure in IPC call

- CVE-2017-15416: Out of bounds read in Blink

- CVE-2017-15417: Cross origin information disclosure in Skia

- CVE-2017-15418: Use of uninitialized value in Skia

- CVE-2017-15419: Cross origin leak of redirect URL in Blink

- CVE-2017-15420: URL spoofing in Omnibox

- CVE-2017-15422: Integer overflow in ICU

- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL

- CVE-2017-15424: URL Spoof in Omnibox

- CVE-2017-15425: URL Spoof in Omnibox

- CVE-2017-15426: URL Spoof in Omnibox

- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox





Patch Instructions:



To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:



- openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1349=1

- openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1349=1



To bring your system up-to-date, use "zypper patch".





Package List:



- openSUSE Leap 42.3 (x86_64):

      chromedriver-63.0.3239.84-127.1
      chromedriver-debuginfo-63.0.3239.84-127.1
      chromium-63.0.3239.84-127.1
      chromium-debuginfo-63.0.3239.84-127.1
      chromium-debugsource-63.0.3239.84-127.1

- openSUSE Leap 42.2 (x86_64):

      chromedriver-63.0.3239.84-104.41.1
      chromedriver-debuginfo-63.0.3239.84-104.41.1
      chromium-63.0.3239.84-104.41.1
      chromium-debuginfo-63.0.3239.84-104.41.1
      chromium-debugsource-63.0.3239.84-104.41.1





References:



