Vulnerability from csaf_opensuse
Published
2017-03-17 20:07
Modified
2017-03-17 20:07
Summary
Security update for Chromium
Notes
Title of the patch
Security update for Chromium
Description of the patch
Chromium was updated to 57.0.2987.98 to fix security issues and bugs.
The following vulnerabilities were fixed (bsc#1028848):
- CVE-2017-5030: Memory corruption in V8
- CVE-2017-5031: Use after free in ANGLE
- CVE-2017-5032: Out of bounds write in PDFium
- CVE-2017-5029: Integer overflow in libxslt
- CVE-2017-5034: Use after free in PDFium
- CVE-2017-5035: Incorrect security UI in Omnibox
- CVE-2017-5036: Use after free in PDFium
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer
- CVE-2017-5039: Use after free in PDFium
- CVE-2017-5040: Information disclosure in V8
- CVE-2017-5041: Address spoofing in Omnibox
- CVE-2017-5033: Bypass of Content Security Policy in Blink
- CVE-2017-5042: Incorrect handling of cookies in Cast
- CVE-2017-5038: Use after free in GuestView
- CVE-2017-5043: Use after free in GuestView
- CVE-2017-5044: Heap overflow in Skia
- CVE-2017-5045: Information disclosure in XSS Auditor
- CVE-2017-5046: Information disclosure in Blink
The following non-security changes are included:
- Address broken rendering on non-intel cards
Patchnames
openSUSE-2017-353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Chromium", title: "Title of the patch", }, { category: "description", text: "Chromium was updated to 57.0.2987.98 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed (bsc#1028848):\n\n- CVE-2017-5030: Memory corruption in V8\n- CVE-2017-5031: Use after free in ANGLE\n- CVE-2017-5032: Out of bounds write in PDFium\n- CVE-2017-5029: Integer overflow in libxslt\n- CVE-2017-5034: Use after free in PDFium\n- CVE-2017-5035: Incorrect security UI in Omnibox\n- CVE-2017-5036: Use after free in PDFium\n- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer\n- CVE-2017-5039: Use after free in PDFium\n- CVE-2017-5040: Information disclosure in V8\n- CVE-2017-5041: Address spoofing in Omnibox\n- CVE-2017-5033: Bypass of Content Security Policy in Blink\n- CVE-2017-5042: Incorrect handling of cookies in Cast\n- CVE-2017-5038: Use after free in GuestView\n- CVE-2017-5043: Use after free in GuestView\n- CVE-2017-5044: Heap overflow in Skia\n- CVE-2017-5045: Information disclosure in XSS Auditor\n- CVE-2017-5046: Information disclosure in Blink\n\n \nThe following non-security changes are included:\n\n- Address broken rendering on non-intel cards \n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2017-353", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0740-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2017:0740-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2017:0740-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4", }, { category: "self", summary: "SUSE Bug 1028848", url: "https://bugzilla.suse.com/1028848", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2017-5030 page", url: "https://www.suse.com/security/cve/CVE-2017-5030/", }, { category: "self", summary: "SUSE CVE CVE-2017-5031 page", url: "https://www.suse.com/security/cve/CVE-2017-5031/", }, { category: "self", summary: "SUSE CVE CVE-2017-5032 page", url: "https://www.suse.com/security/cve/CVE-2017-5032/", }, { category: "self", summary: "SUSE CVE CVE-2017-5033 page", url: "https://www.suse.com/security/cve/CVE-2017-5033/", }, { category: "self", summary: "SUSE CVE CVE-2017-5034 page", url: "https://www.suse.com/security/cve/CVE-2017-5034/", }, { category: "self", summary: "SUSE CVE CVE-2017-5035 page", url: "https://www.suse.com/security/cve/CVE-2017-5035/", }, { category: "self", summary: "SUSE CVE CVE-2017-5036 page", url: "https://www.suse.com/security/cve/CVE-2017-5036/", }, { category: "self", summary: "SUSE CVE CVE-2017-5037 page", url: "https://www.suse.com/security/cve/CVE-2017-5037/", }, { category: "self", summary: "SUSE CVE CVE-2017-5038 page", url: "https://www.suse.com/security/cve/CVE-2017-5038/", }, { category: "self", summary: "SUSE CVE CVE-2017-5039 page", url: "https://www.suse.com/security/cve/CVE-2017-5039/", }, { category: "self", summary: "SUSE CVE CVE-2017-5040 page", url: "https://www.suse.com/security/cve/CVE-2017-5040/", }, { category: "self", summary: "SUSE CVE CVE-2017-5041 page", url: "https://www.suse.com/security/cve/CVE-2017-5041/", }, { category: "self", summary: "SUSE CVE CVE-2017-5042 page", url: "https://www.suse.com/security/cve/CVE-2017-5042/", }, { category: "self", summary: "SUSE CVE CVE-2017-5043 page", url: "https://www.suse.com/security/cve/CVE-2017-5043/", }, { category: "self", summary: "SUSE CVE CVE-2017-5044 page", url: "https://www.suse.com/security/cve/CVE-2017-5044/", }, { category: "self", summary: "SUSE CVE CVE-2017-5045 page", url: "https://www.suse.com/security/cve/CVE-2017-5045/", }, { category: "self", summary: "SUSE CVE CVE-2017-5046 page", url: "https://www.suse.com/security/cve/CVE-2017-5046/", }, ], title: "Security update for Chromium", tracking: { current_release_date: "2017-03-17T20:07:47Z", generator: { date: "2017-03-17T20:07:47Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2017:0740-1", initial_release_date: "2017-03-17T20:07:47Z", revision_history: [ { date: "2017-03-17T20:07:47Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "chromedriver-57.0.2987.98-8.1.x86_64", product: { name: "chromedriver-57.0.2987.98-8.1.x86_64", product_id: "chromedriver-57.0.2987.98-8.1.x86_64", }, }, { category: "product_version", name: "chromium-57.0.2987.98-8.1.x86_64", product: { name: "chromium-57.0.2987.98-8.1.x86_64", product_id: "chromium-57.0.2987.98-8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 12 SP2", product: { name: "SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "chromedriver-57.0.2987.98-8.1.x86_64 as component of SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", }, product_reference: "chromedriver-57.0.2987.98-8.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12 SP2", }, { category: "default_component_of", full_product_name: { name: "chromium-57.0.2987.98-8.1.x86_64 as component of SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", }, product_reference: "chromium-57.0.2987.98-8.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2017-5030", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5030", }, ], notes: [ { category: "general", text: "Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5030", url: "https://www.suse.com/security/cve/CVE-2017-5030", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5030", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5030", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5030", }, { cve: "CVE-2017-5031", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5031", }, ], notes: [ { category: "general", text: "A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5031", url: "https://www.suse.com/security/cve/CVE-2017-5031", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5031", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5031", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5031", }, { cve: "CVE-2017-5032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5032", }, ], notes: [ { category: "general", text: "PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5032", url: "https://www.suse.com/security/cve/CVE-2017-5032", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5032", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5032", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5032", }, { cve: "CVE-2017-5033", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5033", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5033", url: "https://www.suse.com/security/cve/CVE-2017-5033", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5033", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5033", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5033", }, { cve: "CVE-2017-5034", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5034", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5034", url: "https://www.suse.com/security/cve/CVE-2017-5034", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5034", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5034", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5034", }, { cve: "CVE-2017-5035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5035", }, ], notes: [ { category: "general", text: "Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5035", url: "https://www.suse.com/security/cve/CVE-2017-5035", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5035", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5035", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5035", }, { cve: "CVE-2017-5036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5036", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5036", url: "https://www.suse.com/security/cve/CVE-2017-5036", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5036", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5036", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5036", }, { cve: "CVE-2017-5037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5037", }, ], notes: [ { category: "general", text: "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5037", url: "https://www.suse.com/security/cve/CVE-2017-5037", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5037", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5037", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5037", }, { cve: "CVE-2017-5038", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5038", }, ], notes: [ { category: "general", text: "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5038", url: "https://www.suse.com/security/cve/CVE-2017-5038", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5038", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5038", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5038", }, { cve: "CVE-2017-5039", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5039", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5039", url: "https://www.suse.com/security/cve/CVE-2017-5039", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5039", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5039", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5039", }, { cve: "CVE-2017-5040", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5040", }, ], notes: [ { category: "general", text: "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5040", url: "https://www.suse.com/security/cve/CVE-2017-5040", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5040", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5040", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5040", }, { cve: "CVE-2017-5041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5041", }, ], notes: [ { category: "general", text: "Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5041", url: "https://www.suse.com/security/cve/CVE-2017-5041", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5041", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5041", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5041", }, { cve: "CVE-2017-5042", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5042", }, ], notes: [ { category: "general", text: "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5042", url: "https://www.suse.com/security/cve/CVE-2017-5042", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5042", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5042", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5042", }, { cve: "CVE-2017-5043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5043", }, ], notes: [ { category: "general", text: "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5043", url: "https://www.suse.com/security/cve/CVE-2017-5043", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5043", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5043", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5043", }, { cve: "CVE-2017-5044", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5044", }, ], notes: [ { category: "general", text: "Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5044", url: "https://www.suse.com/security/cve/CVE-2017-5044", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5044", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5044", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "important", }, ], title: "CVE-2017-5044", }, { cve: "CVE-2017-5045", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5045", }, ], notes: [ { category: "general", text: "XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5045", url: "https://www.suse.com/security/cve/CVE-2017-5045", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5045", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5045", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5045", }, { cve: "CVE-2017-5046", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5046", }, ], notes: [ { category: "general", text: "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5046", url: "https://www.suse.com/security/cve/CVE-2017-5046", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5046", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5046", url: "https://bugzilla.suse.com/1028875", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1.x86_64", "SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-03-17T20:07:47Z", details: "moderate", }, ], title: "CVE-2017-5046", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.