Mailinglist Archive: opensuse-security-announce (7 mails)

< Previous Next >
[security-announce] openSUSE-SU-2012:1637-1: important: Chromium to 25.0.1343
openSUSE Security Update: Chromium to 25.0.1343
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1637-1
Rating: important
References: #791234 #792154
Cross-References: CVE-2012-5130 CVE-2012-5131 CVE-2012-5132
CVE-2012-5133 CVE-2012-5134 CVE-2012-5135
CVE-2012-5136 CVE-2012-5137 CVE-2012-5138

Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

Chromium was updated to 25.0.1343

* Security Fixes (bnc#791234 and bnc#792154):
- CVE-2012-5131: Corrupt rendering in the Apple OSX
driver for Intel GPUs
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia
- CVE-2012-5132: Browser crash with chunked encoding
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
- CVE-2012-5138: Incorrect file path handling
- CVE-2012-5137: Use-after-free in media source handling

- Correct build so that proprietary codecs can be used when
the chromium-ffmpeg package is installed

- Update to 25.0.1335
* {gtk} Fixed <input> selection renders white text on
white background in apps. (Issue: 158422)
* Fixed translate infobar button to show selected
language. (Issue: 155350)
* Fixed broken Arabic language. (Issue: 158978)
* Fixed pre-rendering if the preference is disabled at
start up. (Issue: 159393)
* Fixed JavaScript rendering issue. (Issue: 159655)
* No further indications in the ChangeLog
* Updated V8 - 3.14.5.0
* Bookmarks are now searched by their title while typing
into the omnibox with matching bookmarks being shown in
the autocomplete suggestions pop-down list. Matching is
done by prefix.
* Fixed chromium issues 155871, 154173, 155133.

- Removed patch chomium-ffmpeg-no-pkgconfig.patch
- Building now internal libffmpegsumo.so based on the
standard chromium ffmpeg codecs
- Add a configuration file (/etc/default/chromium) where we
can indicate flags for the chromium-browser.
- add explicit buildrequire on libbz2-devel


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-845

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-845

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

chromedriver-25.0.1343.0-1.23.1
chromedriver-debuginfo-25.0.1343.0-1.23.1
chromium-25.0.1343.0-1.23.1
chromium-debuginfo-25.0.1343.0-1.23.1
chromium-debugsource-25.0.1343.0-1.23.1
chromium-desktop-gnome-25.0.1343.0-1.23.1
chromium-desktop-kde-25.0.1343.0-1.23.1
chromium-ffmpegsumo-25.0.1343.0-1.23.1
chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.23.1
chromium-suid-helper-25.0.1343.0-1.23.1
chromium-suid-helper-debuginfo-25.0.1343.0-1.23.1

- openSUSE 12.1 (i586 x86_64):

chromedriver-25.0.1343.0-1.43.1
chromedriver-debuginfo-25.0.1343.0-1.43.1
chromium-25.0.1343.0-1.43.1
chromium-debuginfo-25.0.1343.0-1.43.1
chromium-debugsource-25.0.1343.0-1.43.1
chromium-desktop-gnome-25.0.1343.0-1.43.1
chromium-desktop-kde-25.0.1343.0-1.43.1
chromium-ffmpegsumo-25.0.1343.0-1.43.1
chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.43.1
chromium-suid-helper-25.0.1343.0-1.43.1
chromium-suid-helper-debuginfo-25.0.1343.0-1.43.1


References:

http://support.novell.com/security/cve/CVE-2012-5130.html
http://support.novell.com/security/cve/CVE-2012-5131.html
http://support.novell.com/security/cve/CVE-2012-5132.html
http://support.novell.com/security/cve/CVE-2012-5133.html
http://support.novell.com/security/cve/CVE-2012-5134.html
http://support.novell.com/security/cve/CVE-2012-5135.html
http://support.novell.com/security/cve/CVE-2012-5136.html
http://support.novell.com/security/cve/CVE-2012-5137.html
http://support.novell.com/security/cve/CVE-2012-5138.html
https://bugzilla.novell.com/791234
https://bugzilla.novell.com/792154

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages