openSUSE Security Update : chromium (openSUSE-2017-1047)

medium Nessus Plugin ID 103283

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for chromium to version 61.0.3163.79 fixes several issues.

These security issues were fixed:

- CVE-2017-5111: Use after free in PDFium (boo#1057364).

- CVE-2017-5112: Heap buffer overflow in WebGL (boo#1057364).

- CVE-2017-5113: Heap buffer overflow in Skia (boo#1057364).

- CVE-2017-5114: Memory lifecycle issue in PDFium (boo#1057364).

- CVE-2017-5115: Type confusion in V8 (boo#1057364).

- CVE-2017-5116: Type confusion in V8 (boo#1057364).

- CVE-2017-5117: Use of uninitialized value in Skia (boo#1057364).

- CVE-2017-5118: Bypass of Content Security Policy in Blink (boo#1057364).

- CVE-2017-5119: Use of uninitialized value in Skia (boo#1057364).

- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation (boo#1057364).

Solution

Update the affected chromium packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1057364

Plugin Details

Severity: Medium

ID: 103283

File Name: openSUSE-2017-1047.nasl

Version: 3.8

Type: local

Agent: unix

Published: 9/18/2017

Updated: 1/19/2021

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 8.9

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2017

Vulnerability Publication Date: 10/27/2017

Reference Information

CVE: CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120