openSUSE Security Update: update for chromium, v8 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0374-1 Rating: important References: #750407 #751466 #751738 Cross-References: CVE-2011-3031 CVE-2011-3032 CVE-2011-3033 CVE-2011-3034 CVE-2011-3035 CVE-2011-3036 CVE-2011-3037 CVE-2011-3038 CVE-2011-3039 CVE-2011-3040 CVE-2011-3041 CVE-2011-3042 CVE-2011-3043 CVE-2011-3044 CVE-2011-3046 CVE-2011-3047 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: Changes in chromium: - Update to 19.0.1066 * Fixed Chrome install/update resets Google search preferences (Issue: 105390) * Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401) * Fixed a GPU crash (Issue: 116096) * More fixes for Back button frequently hangs (Issue: 93427) * Bastion now works (Issue: 116285) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Google Feedback causes render process to use too much memory (Issue: 114489) * Fixed after upgrade, some pages are rendered as blank (Issue: 109888) * Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551) - Security Fixes: * Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption * Critical CVE-2011-3046: UXSS and bad history navigation. - Update to 19.0.1060 * Fixed NTP signed in state is missing (Issue: 112676) * Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263) * Focus "OK" button on Javascript dialogs (Issue: 111015) * Fixed Back button frequently hangs (Issue: 93427) * Increase the buffer size to fix muted playback rate (Issue: 108239) * Fixed Empty span with line-height renders with non-zero height (Issue: 109811) * Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates. * Fixed importing of bookmarks, history, etc. from Firefox 10+. * Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676 * Fixed several crashes (Issues: 111376, 108688, 114391) * Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476) * Sync: Sessions aren't associating pre-existing tabs (Issue: 113319) * Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672) - Security Fixes (bnc#750407): * High CVE-2011-3031: Use-after-free in v8 element wrapper. * High CVE-2011-3032: Use-after-free in SVG value handling. * High CVE-2011-3033: Buffer overflow in the Skia drawing library. * High CVE-2011-3034: Use-after-free in SVG document handling. * High CVE-2011-3035: Use-after-free in SVG use handling. * High CVE-2011-3036: Bad cast in line box handling. * High CVE-2011-3037: Bad casts in anonymous block splitting. * High CVE-2011-3038: Use-after-free in multi-column handling. * High CVE-2011-3039: Use-after-free in quote handling. * High CVE-2011-3040: Out-of-bounds read in text handling. * High CVE-2011-3041: Use-after-free in class attribute handling. * High CVE-2011-3042: Use-after-free in table section handling. * High CVE-2011-3043: Use-after-free in flexbox with floats. * High CVE-2011-3044: Use-after-free with SVG animation elements. Changes in v8: - Update to 3.9.13.0 * Add code kind check before preparing for OSR. (issue 1900, 115073) * Pass zone explicitly to zone-allocation on x64 and ARM. (issue 1802) * Port string construct stub to x64. (issue 849) * Performance and stability improvements on all platforms. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-165 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): chromium-19.0.1066.0-1.11.2 chromium-debuginfo-19.0.1066.0-1.11.2 chromium-debugsource-19.0.1066.0-1.11.2 chromium-desktop-gnome-19.0.1066.0-1.11.2 chromium-desktop-kde-19.0.1066.0-1.11.2 chromium-suid-helper-19.0.1066.0-1.11.2 chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2 libv8-3-3.9.13.0-1.15.1 libv8-3-debuginfo-3.9.13.0-1.15.1 v8-debugsource-3.9.13.0-1.15.1 v8-devel-3.9.13.0-1.15.1 v8-private-headers-devel-3.9.13.0-1.15.1 References: http://support.novell.com/security/cve/CVE-2011-3031.html http://support.novell.com/security/cve/CVE-2011-3032.html http://support.novell.com/security/cve/CVE-2011-3033.html http://support.novell.com/security/cve/CVE-2011-3034.html http://support.novell.com/security/cve/CVE-2011-3035.html http://support.novell.com/security/cve/CVE-2011-3036.html http://support.novell.com/security/cve/CVE-2011-3037.html http://support.novell.com/security/cve/CVE-2011-3038.html http://support.novell.com/security/cve/CVE-2011-3039.html http://support.novell.com/security/cve/CVE-2011-3040.html http://support.novell.com/security/cve/CVE-2011-3041.html http://support.novell.com/security/cve/CVE-2011-3042.html http://support.novell.com/security/cve/CVE-2011-3043.html http://support.novell.com/security/cve/CVE-2011-3044.html http://support.novell.com/security/cve/CVE-2011-3046.html http://support.novell.com/security/cve/CVE-2011-3047.html https://bugzilla.novell.com/750407 https://bugzilla.novell.com/751466 https://bugzilla.novell.com/751738 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org