Upstream has released version 53.0.2785.89 on August 31: http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
URL: (none) => http://lwn.net/Vulnerabilities/699161/
The Linux release has been re-issued as 53.0.2785.92.
Summary: chromium-browser-stable new security issues fixed in 53.0.2785.89 => chromium-browser-stable new security issues fixed in 53.0.2785.92
Upstream has released version 53.0.2785.101 on September 7: https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop.html This is a bugfix release.
I do not have a working build of chromium 53. When it was marked unstable the build mysteriously failed due to a dependency problem, so I decided to switch from gyp to gn as ninja-file generator. When chromium was finally built that way it turned out eu-strip - used by rpm to create the debug package - crashes on the 4GiB chrome binary, so I had to disable the debug package feature. The resulting chromium (up to 53.0.2785.92 at least) starts and works, but the renderer hangs on https://www.theguardian.com/uk and other pages from the site. Chromium will then ask to kill the hung process or to wait. Building chromium with clang didn't help this time. I'll build a 101 package but if that doesn't work the only thing I can think of is to ignore all the gn stuff and just update the source bundle in the current chromium-browser-stable package.
Packages are available for testing: MGA5 SRPM: chromium-browser-stable-53.0.2785.101-1.mga5.src.rpm RPMS: chromium-browser-stable-53.0.2785.101-1.mga5.i586.rpm chromium-browser-53.0.2785.101-1.mga5.i586.rpm chromium-browser-stable-53.0.2785.101-1.mga5.x86_64.rpm chromium-browser-53.0.2785.101-1.mga5.x86_64.rpm Advisory: Chromium-browser-stable 53.0.2785.101 fixes security issues: Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." (CVE-2016-5147) Cross-site scripting (XSS) vulnerability in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." (CVE-2016-5148) The extensions subsystem in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. (CVE-2016-5149) WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. (CVE-2016-5150) PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. (CVE-2016-5151) Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5152) The Web Animations implementation in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. (CVE-2016-5153) Multiple heap-based buffer overflows in PDFium, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image. (CVE-2016-5154) Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. (CVE-2016-5155) extensions/renderer/event_bindings.cc in the event bindings in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. (CVE-2016-5156) Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. (CVE-2016-5157) Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5158) Multiple integer overflows in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. (CVE-2016-5159) The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162. (CVE-2016-5160) The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. (CVE-2016-5161) The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. (CVE-2016-5162) The bidirectional-text implementation in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. (CVE-2016-5163) Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." (CVE-2016-5164) Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. (CVE-2016-5165) The download implementation in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. (CVE-2016-5166) Multiple unspecified vulnerabilities in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-5167) References: https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5167
Assignee: cjw => qa-bugs
Version 53.0.2785.113 was just released with more security fixes, we should use that instead of doing two updates.
Status: NEW => ASSIGNEDCC: (none) => cjwAssignee: qa-bugs => cjw
Upstream has released version 53.0.2785.113 on September 13: https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html This fixes several new security issues.
Summary: chromium-browser-stable new security issues fixed in 53.0.2785.92 => chromium-browser-stable new security issues fixed in 53.0.2785.113
Packages for version 53.0.2785.113 are available for testing. MGA5 SRPM: chromium-browser-stable-53.0.2785.113-1.mga5.src.rpm RPMS: chromium-browser-stable-53.0.2785.113-1.mga5.i586.rpm chromium-browser-53.0.2785.113-1.mga5.i586.rpm chromium-browser-stable-53.0.2785.113-1.mga5.x86_64.rpm chromium-browser-53.0.2785.113-1.mga5.x86_64.rpm Advisory: Chromium-browser-stable 53.0.2785.113 fixes security issues: Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." (CVE-2016-5147) Cross-site scripting (XSS) vulnerability in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." (CVE-2016-5148) The extensions subsystem in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. (CVE-2016-5149) WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. (CVE-2016-5150) PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. (CVE-2016-5151) Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5152) The Web Animations implementation in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. (CVE-2016-5153) Multiple heap-based buffer overflows in PDFium, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image. (CVE-2016-5154) Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. (CVE-2016-5155) extensions/renderer/event_bindings.cc in the event bindings in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. (CVE-2016-5156) Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. (CVE-2016-5157) Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5158) Multiple integer overflows in OpenJPEG, as used in PDFium in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. (CVE-2016-5159) The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162. (CVE-2016-5160) The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. (CVE-2016-5161) The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. (CVE-2016-5162) The bidirectional-text implementation in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. (CVE-2016-5163) Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." (CVE-2016-5164) Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. (CVE-2016-5165) The download implementation in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. (CVE-2016-5166) Multiple unspecified vulnerabilities in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-5167) WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Chromium before 53.0.2785.113, has an Indexed Database (aka IndexedDB) API implementation that inspects properties not owned by the array when converting an array to a key, resulting in side effects and a potential use-after-free problem. (CVE-2016-5170) Blink, as used in Chromium before 53.0.2785.113, allowed its WindowProperties constructor to be called from javascript, resulting in a potential use-after-free problem. (CVE-2016-5171) Chromium before 53.0.2785.113 exhibits three more separate issues: arbitrary Memory Read in v8 (CVE-2016-5172), extension resource access (CVE-2016-5173), and a pop-up event was not correctly suppressed (CVE-2016-5174). Finally, Chromium 53.0.2785.113 contains (as usual) various fixes from upstream's internal audits, fuzzing and other initiatives. (CVE-2016-5175) References: https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop.html https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5175
LWN reference for 53.0.2785.113: http://lwn.net/Vulnerabilities/700835/
Tested mga5-64 JetStream for javascript, acid3, general browsing, youtube video all OK.
CC: (none) => wrw105Whiteboard: (none) => has_procedure mga5-64-ok
uname -a Linux localhost 4.4.16-desktop-1.mga5 #1 SMP Tue Jul 26 10:34:04 UTC 2016 i686 i686 i686 GNU/Linux Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart. The following 4 packages are going to be installed: - chromium-browser-stable-53.0.2785.113-1.mga5.i586 - libminizip1-1.2.8-7.mga5.i586 - libwebpdemux1-0.4.3-1.mga5.i586 - meta-task-5-28.1.mga5.noarch 167MB of additional disk space will be used. --------------- installed correctly. Ran Gmail, hangouts, browsed internet/videos - seems to be working as designed.
CC: (none) => brtians1Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok mga5-32-ok
Keywords: (none) => validated_updateCC: (none) => lewyssmith, sysadmin-bugs
Thanks to rapid testers. Update validated, advisory uploaded.
Whiteboard: has_procedure mga5-64-ok mga5-32-ok => has_procedure mga5-64-ok mga5-32-ok advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0309.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
53.0.2785.113 also fixed CVE-2016-7549: http://lwn.net/Vulnerabilities/702898/