openSUSE-SU-2016:2309-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2016:2309-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2016:2309-1
Related
  • CVE-2016-5170
  • CVE-2016-5171
  • CVE-2016-5172
  • CVE-2016-5173
  • CVE-2016-5174
  • CVE-2016-5175
Published
2016-09-14T21:25:32Z
Modified
2016-09-14T21:25:32Z
Summary
Recommended update for chromium
Details

Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs.

The following vulnerabilities were fixed:

  • CVE-2016-5170: Use after free in Blink
  • CVE-2016-5171: Use after free in Blink
  • CVE-2016-5172: Arbitrary Memory Read in v8
  • CVE-2016-5173: Extension resource access
  • CVE-2016-5174: Popup not correctly suppressed
  • CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

The following upstream fixes are included:

  • SPDY crasher fixes
  • Disable NV12 DXGI video on AMD
  • Forward --password-store switch to os_crypt
  • Tell the kernel to discard USB requests when they time out.
  • disallow WKBackForwardListItem navigations for pushState pages
  • arc: bluetooth: Fix advertised uuid
  • fix conflicting PendingIntent for stop button and swipe away

The widevine plugin was re-enabled (boo#998328).

Affected packages

SUSE:Package Hub 12 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
53.0.2785.113-100.1

Ecosystem specific

{
    "binaries": [
        {
            "chromium-desktop-gnome": "53.0.2785.113-100.1",
            "chromedriver": "53.0.2785.113-100.1",
            "chromium": "53.0.2785.113-100.1",
            "chromium-desktop-kde": "53.0.2785.113-100.1",
            "chromium-ffmpegsumo": "53.0.2785.113-100.1"
        }
    ]
}