openSUSE Security Update : Chromium (openSUSE-2017-353)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to 57.0.2987.98 to fix security issues and bugs.

The following vulnerabilities were fixed (bsc#1028848) :

- CVE-2017-5030: Memory corruption in V8

- CVE-2017-5031: Use after free in ANGLE

- CVE-2017-5032: Out of bounds write in PDFium

- CVE-2017-5029: Integer overflow in libxslt

- CVE-2017-5034: Use after free in PDFium

- CVE-2017-5035: Incorrect security UI in Omnibox

- CVE-2017-5036: Use after free in PDFium

- CVE-2017-5037: Multiple out of bounds writes in
ChunkDemuxer

- CVE-2017-5039: Use after free in PDFium

- CVE-2017-5040: Information disclosure in V8

- CVE-2017-5041: Address spoofing in Omnibox

- CVE-2017-5033: Bypass of Content Security Policy in
Blink

- CVE-2017-5042: Incorrect handling of cookies in Cast

- CVE-2017-5038: Use after free in GuestView

- CVE-2017-5043: Use after free in GuestView

- CVE-2017-5044: Heap overflow in Skia

- CVE-2017-5045: Information disclosure in XSS Auditor

- CVE-2017-5046: Information disclosure in Blink

The following non-security changes are included :

- Address broken rendering on non-intel cards

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1028848

Solution :

Update the affected Chromium packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now