SUSE-SU-2016:2598-1: important: Security update for Chromium

sle-security-updates at sle-security-updates at
Sun Oct 23 13:08:40 MDT 2016

   SUSE Security Update: Security update for Chromium

Announcement ID:    SUSE-SU-2016:2598-1
Rating:             important
References:         #1000019 #1004465 
Cross-References:   CVE-2016-5181 CVE-2016-5182 CVE-2016-5183
                    CVE-2016-5184 CVE-2016-5185 CVE-2016-5186
                    CVE-2016-5187 CVE-2016-5188 CVE-2016-5189
                    CVE-2016-5190 CVE-2016-5191 CVE-2016-5192
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12

   An update that fixes 13 vulnerabilities is now available.


   Chromium was updated to 54.0.2840.59 to fix security issues and bugs.

   The following security issues are fixed (bnc#1004465):

   - CVE-2016-5181: Universal XSS in Blink
   - CVE-2016-5182: Heap overflow in Blink
   - CVE-2016-5183: Use after free in PDFium
   - CVE-2016-5184: Use after free in PDFium
   - CVE-2016-5185: Use after free in Blink
   - CVE-2016-5187: URL spoofing
   - CVE-2016-5188: UI spoofing
   - CVE-2016-5192: Cross-origin bypass in Blink
   - CVE-2016-5189: URL spoofing
   - CVE-2016-5186: Out of bounds read in DevTools
   - CVE-2016-5191: Universal XSS in Bookmarks
   - CVE-2016-5190: Use after free in Internals
   - CVE-2016-5193: Scheme bypass

   The following bugs were fixed:

   -  bnc#1000019: display issues in full screen mode, add
      --ui-disable-partial-swap to the launcher

   The following packaging changes are included:

   - The desktop sub-packages are no obsolete
   - The package now uses the system variants of some bundled libraries
   - The hangouts extension is now built

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch 5717=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



More information about the sle-security-updates mailing list