openSUSE Security Update : chromium (openSUSE-2017-1047)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for chromium to version 61.0.3163.79 fixes several issues.

These security issues were fixed :

- CVE-2017-5111: Use after free in PDFium (boo#1057364).

- CVE-2017-5112: Heap buffer overflow in WebGL
(boo#1057364).

- CVE-2017-5113: Heap buffer overflow in Skia
(boo#1057364).

- CVE-2017-5114: Memory lifecycle issue in PDFium
(boo#1057364).

- CVE-2017-5115: Type confusion in V8 (boo#1057364).

- CVE-2017-5116: Type confusion in V8 (boo#1057364).

- CVE-2017-5117: Use of uninitialized value in Skia
(boo#1057364).

- CVE-2017-5118: Bypass of Content Security Policy in
Blink (boo#1057364).

- CVE-2017-5119: Use of uninitialized value in Skia
(boo#1057364).

- CVE-2017-5120: Potential HTTPS downgrade during redirect
navigation (boo#1057364).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1057364

Solution :

Update the affected chromium packages.

Risk factor :

High

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now