Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0817-1 Final 1 1 2016-03-18T11:40:35Z current 2016-03-18T11:40:35Z 2016-03-18T11:40:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update contains Chromium 49.0.2623.87 to fix the following issues: - CVE-2016-1643: Type confusion in Blink (boo#970514) - CVE-2016-1644: Use-after-free in Blink (boo#970509) - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html E-Mail link for openSUSE-SU-2016:0817-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-49.0.2623.87-31.1 chromium-49.0.2623.87-31.1 chromium-desktop-gnome-49.0.2623.87-31.1 chromium-desktop-kde-49.0.2623.87-31.1 chromium-ffmpegsumo-49.0.2623.87-31.1 chromedriver-49.0.2623.87-31.1 as a component of openSUSE Leap 42.1 chromium-49.0.2623.87-31.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-49.0.2623.87-31.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-49.0.2623.87-31.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-49.0.2623.87-31.1 as a component of openSUSE Leap 42.1 The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." CVE-2016-1643 openSUSE Leap 42.1:chromedriver-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-gnome-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-kde-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-ffmpegsumo-49.0.2623.87-31.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html https://www.suse.com/security/cve/CVE-2016-1643.html CVE-2016-1643 https://bugzilla.suse.com/970514 SUSE Bug 970514 WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. CVE-2016-1644 openSUSE Leap 42.1:chromedriver-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-gnome-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-kde-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-ffmpegsumo-49.0.2623.87-31.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html https://www.suse.com/security/cve/CVE-2016-1644.html CVE-2016-1644 https://bugzilla.suse.com/970509 SUSE Bug 970509 Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2016-1645 openSUSE Leap 42.1:chromedriver-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-gnome-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-desktop-kde-49.0.2623.87-31.1 openSUSE Leap 42.1:chromium-ffmpegsumo-49.0.2623.87-31.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html https://www.suse.com/security/cve/CVE-2016-1645.html CVE-2016-1645 https://bugzilla.suse.com/970511 SUSE Bug 970511