979859 – (CVE-2016-1667) VUL-0: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671: chromium: multiple vulnerabilities fixed in 50.0.2661.102

Bug 979859 (CVE-2016-1667) - VUL-0: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671: chromium: multiple vulnerabilities fixed in 50.0.2661.102

Summary: VUL-0: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1...

Status:	RESOLVED FIXED

Alias:	CVE-2016-1667

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Forgotten User sM9JzehKpy
QA Contact:	Security Team bot

URL:	http://googlechromereleases.blogspot....
Whiteboard:	CVSSv2:SUSE:CVE-2014-8183:6.5:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-05-13 08:54 UTC by Andreas Stieger
Modified:	2022-02-13 10:47 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-05-13 08:54:43 UTC

http://googlechromereleases.blogspot.de/2016/05/stable-channel-update.html

High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

https://crbug.com/605766
https://crbug.com/605910 
https://crbug.com/606115 
https://crbug.com/578882
https://crbug.com/586657

Comment 1 Swamp Workflow Management 2016-05-13 22:00:39 UTC

bugbot adjusting priority

Comment 2 Andreas Stieger 2016-05-15 16:42:38 UTC

Ping... submission https://build.opensuse.org/request/show/395140

Comment 3 Swamp Workflow Management 2016-05-16 11:08:02 UTC

openSUSE-SU-2016:1304-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 979859
CVE References: CVE-2016-1667,CVE-2016-1668,CVE-2016-1669,CVE-2016-1670
Sources used:
openSUSE Leap 42.1 (src):    chromium-50.0.2661.102-48.1
openSUSE 13.2 (src):    chromium-50.0.2661.102-100.1

Comment 4 Swamp Workflow Management 2016-05-17 19:07:52 UTC

openSUSE-SU-2016:1319-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 979859
CVE References: CVE-2016-1667,CVE-2016-1668,CVE-2016-1669,CVE-2016-1670
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-50.0.2661.102-75.1

Comment 5 Andreas Stieger 2016-05-26 17:19:35 UTC

released

Comment 6 Swamp Workflow Management 2016-06-22 13:16:37 UTC

openSUSE-SU-2016:1655-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 977830,979859,985397
CVE References: CVE-2016-1660,CVE-2016-1661,CVE-2016-1662,CVE-2016-1663,CVE-2016-1664,CVE-2016-1665,CVE-2016-1666,CVE-2016-1667,CVE-2016-1668,CVE-2016-1669,CVE-2016-1670,CVE-2016-1704
Sources used:
openSUSE 13.1 (src):    chromium-51.0.2704.103-147.1