openSUSE-SU-2017:2482-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium

Announcement ID: openSUSE-SU-2017:2482-1
Rating: important
References: #1057364
Cross-References: CVE-2017-5111 CVE-2017-5112 CVE-2017-5113
CVE-2017-5114 CVE-2017-5115 CVE-2017-5116
CVE-2017-5117 CVE-2017-5118 CVE-2017-5119
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 10 vulnerabilities is now available.


This update for chromium to version 61.0.3163.79 fixes several issues.

These security issues were fixed:

– CVE-2017-5111: Use after free in PDFium (boo#1057364).
– CVE-2017-5112: Heap buffer overflow in WebGL (boo#1057364).
– CVE-2017-5113: Heap buffer overflow in Skia (boo#1057364).
– CVE-2017-5114: Memory lifecycle issue in PDFium (boo#1057364).
– CVE-2017-5115: Type confusion in V8 (boo#1057364).
– CVE-2017-5116: Type confusion in V8 (boo#1057364).
– CVE-2017-5117: Use of uninitialized value in Skia (boo#1057364).
– CVE-2017-5118: Bypass of Content Security Policy in Blink (boo#1057364).
– CVE-2017-5119: Use of uninitialized value in Skia (boo#1057364).
– CVE-2017-5120: Potential HTTPS downgrade during redirect navigation

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1047=1

To bring your system up-to-date, use “zypper patch”.
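
A post-update check, as an added example that is not part of the original announcement: it compares an installed chromium version against the fixed version 61.0.3163.79 field by field, so that 61.0.3163.100 is not misread as older than 61.0.3163.79. The function names, the rpm package name "chromium" and the sample versions are assumptions made for this example.

```shell
#!/bin/sh
# Added example: is the installed chromium at or above the fixed version?
FIXED_VERSION="61.0.3163.79"   # version named in the advisory

# version_ge A B: return 0 when dotted numeric version A >= B, 1 when A < B,
# 2 on empty or non-numeric input. Fields are compared as numbers (100 > 79).
version_ge() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    case "$1$2" in *[!0-9.]*) return 2 ;; esac
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        f1=${v1%%.*}; f2=${v2%%.*}
        # Drop the field just read; clear the string after its last field.
        if [ "$v1" = "$f1" ]; then v1=; else v1=${v1#*.}; fi
        if [ "$v2" = "$f2" ]; then v2=; else v2=${v2#*.}; fi
        f1=${f1:-0}; f2=${f2:-0}     # missing fields count as 0
        [ "$f1" -gt "$f2" ] && return 0
        [ "$f1" -lt "$f2" ] && return 1
    done
    return 0
}

# chromium_patched [VERSION]: 0 = patched, 1 = below the fixed version,
# 2 = version unknown. Without an argument the version is read from rpm;
# the package name "chromium" is an assumption, not taken from the advisory.
chromium_patched() {
    ver=${1-$(rpm -q --qf '%{VERSION}' chromium 2>/dev/null)} || ver=
    version_ge "$ver" "$FIXED_VERSION"
}

# Constructed sample versions (not from the advisory) showing each outcome.
for v in 60.0.3112.113 61.0.3163.79 61.0.3163.100 unknown; do
    chromium_patched "$v" && rc=0 || rc=$?
    case $rc in
        0) echo "$v: at or above $FIXED_VERSION" ;;
        1) echo "$v: below $FIXED_VERSION, install patch openSUSE-2017-1047" ;;
        *) echo "$v: cannot determine version" ;;
    esac
done
```

On a real host, call `chromium_patched` with no argument to query the rpm database instead of a sample value.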

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):


