Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1993-1 Final 1 1 2017-07-28T12:59:09Z current 2017-07-28T12:59:09Z 2017-07-28T12:59:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update Chromium to version 60.0.3112.78 fixes security issue and bugs. The following security issues were fixed: * CVE-2017-5091: Use after free in IndexedDB * CVE-2017-5092: Use after free in PPAPI * CVE-2017-5093: UI spoofing in Blink * CVE-2017-5094: Type confusion in extensions * CVE-2017-5095: Out-of-bounds write in PDFium * CVE-2017-5096: User information leak via Android intents * CVE-2017-5097: Out-of-bounds read in Skia * CVE-2017-5098: Use after free in V8 * CVE-2017-5099: Out-of-bounds write in PPAPI * CVE-2017-5100: Use after free in Chrome Apps * CVE-2017-5101: URL spoofing in OmniBox * CVE-2017-5102: Uninitialized use in Skia * CVE-2017-5103: Uninitialized use in Skia * CVE-2017-5104: UI spoofing in browser * CVE-2017-7000: Pointer disclosure in SQLite * CVE-2017-5105: URL spoofing in OmniBox * CVE-2017-5106: URL spoofing in OmniBox * CVE-2017-5107: User information leak via SVG * CVE-2017-5108: Type confusion in PDFium * CVE-2017-5109: UI spoofing in browser * CVE-2017-5110: UI spoofing in payments dialog * Various fixes from internal audits, fuzzing and other initiatives A number of upstream bugfixes are also included in this release. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-854 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK E-Mail link for openSUSE-SU-2017:1993-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1050537 SUSE Bug 1050537 https://www.suse.com/security/cve/CVE-2017-5091/ SUSE CVE CVE-2017-5091 page https://www.suse.com/security/cve/CVE-2017-5092/ SUSE CVE CVE-2017-5092 page https://www.suse.com/security/cve/CVE-2017-5093/ SUSE CVE CVE-2017-5093 page https://www.suse.com/security/cve/CVE-2017-5094/ SUSE CVE CVE-2017-5094 page https://www.suse.com/security/cve/CVE-2017-5095/ SUSE CVE CVE-2017-5095 page https://www.suse.com/security/cve/CVE-2017-5096/ SUSE CVE CVE-2017-5096 page https://www.suse.com/security/cve/CVE-2017-5097/ SUSE CVE CVE-2017-5097 page https://www.suse.com/security/cve/CVE-2017-5098/ SUSE CVE CVE-2017-5098 page https://www.suse.com/security/cve/CVE-2017-5099/ SUSE CVE CVE-2017-5099 page https://www.suse.com/security/cve/CVE-2017-5100/ SUSE CVE CVE-2017-5100 page https://www.suse.com/security/cve/CVE-2017-5101/ SUSE CVE CVE-2017-5101 page https://www.suse.com/security/cve/CVE-2017-5102/ SUSE CVE CVE-2017-5102 page https://www.suse.com/security/cve/CVE-2017-5103/ SUSE CVE CVE-2017-5103 page https://www.suse.com/security/cve/CVE-2017-5104/ SUSE CVE CVE-2017-5104 page https://www.suse.com/security/cve/CVE-2017-5105/ SUSE CVE CVE-2017-5105 page https://www.suse.com/security/cve/CVE-2017-5106/ SUSE CVE CVE-2017-5106 page https://www.suse.com/security/cve/CVE-2017-5107/ SUSE CVE CVE-2017-5107 page https://www.suse.com/security/cve/CVE-2017-5108/ SUSE CVE CVE-2017-5108 page https://www.suse.com/security/cve/CVE-2017-5109/ SUSE CVE CVE-2017-5109 page https://www.suse.com/security/cve/CVE-2017-5110/ SUSE CVE CVE-2017-5110 page https://www.suse.com/security/cve/CVE-2017-7000/ SUSE CVE CVE-2017-7000 page SUSE Package Hub 12 SP2 chromedriver-60.0.3112.78-26.1 chromium-60.0.3112.78-26.1 chromedriver-60.0.3112.78-26.1 as a component of SUSE Package Hub 12 SP2 chromium-60.0.3112.78-26.1 as a component of SUSE Package Hub 12 SP2 A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5091 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5091.html CVE-2017-5091 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2017-5092 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5092.html CVE-2017-5092 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. CVE-2017-5093 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5093.html CVE-2017-5093 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. CVE-2017-5094 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5094.html CVE-2017-5094 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. CVE-2017-5095 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5095.html CVE-2017-5095 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. CVE-2017-5096 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5096.html CVE-2017-5096 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5097 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5097.html CVE-2017-5097 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5098 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5098.html CVE-2017-5098 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. CVE-2017-5099 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5099.html CVE-2017-5099 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5100 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5100.html CVE-2017-5100 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. CVE-2017-5101 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5101.html CVE-2017-5101 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5102 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5102.html CVE-2017-5102 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5103 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5103.html CVE-2017-5103 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. CVE-2017-5104 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5104.html CVE-2017-5104 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5105 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5105.html CVE-2017-5105 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5106 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5106.html CVE-2017-5106 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. CVE-2017-5107 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5107.html CVE-2017-5107 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. CVE-2017-5108 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5108.html CVE-2017-5108 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. CVE-2017-5109 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5109.html CVE-2017-5109 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. CVE-2017-5110 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-5110.html CVE-2017-5110 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7000 SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1 SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK https://www.suse.com/security/cve/CVE-2017-7000.html CVE-2017-7000 https://bugzilla.suse.com/1050537 SUSE Bug 1050537