Bug 967376 (CVE-2016-1629) - VUL-0: CVE-2016-1629: chromium: same-origin bypass in Blink and Sandbox escape in Chrome
Summary: VUL-0: CVE-2016-1629: chromium: same-origin bypass in Blink and Sandbox escap...
Status: RESOLVED FIXED
Alias: CVE-2016-1629
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P5 - None : Critical
Target Milestone: ---
Assignee: Forgotten User sM9JzehKpy
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162056/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-19 10:35 UTC by Andreas Stieger
Modified: 2016-06-30 14:17 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-02-19 10:35:18 UTC 
http://googlechromereleases.blogspot.de/2016/02/stable-channel-update_18.html

Fixed in 48.0.2564.116:
Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. 

Already building in network:chromium/chromium as I can see.

References:
http://googlechromereleases.blogspot.de/2016/02/stable-channel-update_18.html
https://bugzilla.redhat.com/show_bug.cgi?id=1309988
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1629
Comment 1 Andreas Stieger 2016-02-19 12:04:23 UTC 
Stole the package and put a build into openSUSE:Maintenance:4719 to get a head start.
Comment 2 Swamp Workflow Management 2016-02-20 12:11:51 UTC 
openSUSE-SU-2016:0520-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 967376
CVE References: CVE-2016-1629
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-48.0.2564.116-52.1
Comment 3 Swamp Workflow Management 2016-02-20 12:13:23 UTC 
openSUSE-SU-2016:0525-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 967376
CVE References: CVE-2016-1629
Sources used:
openSUSE Leap 42.1 (src):    chromium-48.0.2564.116-24.1
openSUSE 13.2 (src):    chromium-48.0.2564.116-78.1
Comment 4 Andreas Stieger 2016-02-24 12:09:16 UTC 
All done