Mailinglist Archive: opensuse-security-announce (37 mails)

< Previous Next >
[security-announce] openSUSE-SU-2012:1215-1: important: chromium: update to 21.0.1180.88
openSUSE Security Update: chromium: update to 21.0.1180.88
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1215-1
Rating: important
References: #778005
Cross-References: CVE-2012-2865 CVE-2012-2866 CVE-2012-2867
CVE-2012-2868 CVE-2012-2869 CVE-2012-2870
CVE-2012-2871 CVE-2012-2872
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

Chromium was updated to 21.0.1180.88 to fix various bugs
and security issues. Security fixes and rewards:

Please see the Chromium security
page<http://sites.google.com/a/chromium.org/dev/Home/chromiu
m-security>for more detail. Note that the referenced bugs
may be kept private until a majority of our users are up to
date with the fix.


- [$500]
[121347<https://code.google.com/p/chromium/issues/detail?id=
121347>] Medium CVE-2012-2865: Out-of-bounds read in line
breaking. Credit to miaubiz.
- [$1000]
[134897<https://code.google.com/p/chromium/issues/detail?id=
134897>] High CVE-2012-2866: Bad cast with run-ins. Credit
to miaubiz.
- [135485
<https://code.google.com/p/chromium/issues/detail?id=135485>
] Low CVE-2012-2867: Browser crash with SPDY.
- [$500]
[136881<https://code.google.com/p/chromium/issues/detail?id=
136881>] Medium CVE-2012-2868: Race condition with workers
and XHR. Credit to miaubiz.
- [137778
<https://code.google.com/p/chromium/issues/detail?id=137778>
] High CVE-2012-2869: Avoid stale buffer in URL loading.
Credit to Fermin Serna of the Google Security Team.
- [138672
<https://code.google.com/p/chromium/issues/detail?id=138672>
] [ 140368
<https://code.google.com/p/chromium/issues/detail?id=140368>
] LowCVE-2012-2870: Lower severity memory management issues
in XPath. Credit to Nicolas Gregoire.
- [$1000]
[138673<https://code.google.com/p/chromium/issues/detail?id=
138673>] High CVE-2012-2871: Bad cast in XSL transforms.
Credit to Nicolas Gregoire.
- [$500]
[142956<https://code.google.com/p/chromium/issues/detail?id=
142956>] Medium CVE-2012-2872: XSS in SSL interstitial.
Credit to Emmanuel Bronshtein.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-619

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-619

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

chromedriver-23.0.1255.0-1.14.1
chromedriver-debuginfo-23.0.1255.0-1.14.1
chromium-23.0.1255.0-1.14.1
chromium-debuginfo-23.0.1255.0-1.14.1
chromium-debugsource-23.0.1255.0-1.14.1
chromium-desktop-gnome-23.0.1255.0-1.14.1
chromium-desktop-kde-23.0.1255.0-1.14.1
chromium-suid-helper-23.0.1255.0-1.14.1
chromium-suid-helper-debuginfo-23.0.1255.0-1.14.1

- openSUSE 12.1 (i586 x86_64):

chromedriver-23.0.1255.0-1.34.1
chromedriver-debuginfo-23.0.1255.0-1.34.1
chromium-23.0.1255.0-1.34.1
chromium-debuginfo-23.0.1255.0-1.34.1
chromium-debugsource-23.0.1255.0-1.34.1
chromium-desktop-gnome-23.0.1255.0-1.34.1
chromium-desktop-kde-23.0.1255.0-1.34.1
chromium-suid-helper-23.0.1255.0-1.34.1
chromium-suid-helper-debuginfo-23.0.1255.0-1.34.1


References:

http://support.novell.com/security/cve/CVE-2012-2865.html
http://support.novell.com/security/cve/CVE-2012-2866.html
http://support.novell.com/security/cve/CVE-2012-2867.html
http://support.novell.com/security/cve/CVE-2012-2868.html
http://support.novell.com/security/cve/CVE-2012-2869.html
http://support.novell.com/security/cve/CVE-2012-2870.html
http://support.novell.com/security/cve/CVE-2012-2871.html
http://support.novell.com/security/cve/CVE-2012-2872.html
https://bugzilla.novell.com/778005

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages