openSUSE Security Update: chromium to 33.0.1750.152 stable release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0501-1 Rating: important References: #866959 Cross-References: CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1714 CVE-2014-1715 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: Chromium was updated to the 33.0.1750.152 stable channel uodate: - Security fixes: * CVE-2014-1713: Use-after-free in Blink bindings * CVE-2014-1714: Windows clipboard vulnerability * CVE-2014-1705: Memory corruption in V8 * CVE-2014-1715: Directory traversal issue Previous stable channel update 33.0.1750.149: - Security fixes: * CVE-2014-1700: Use-after-free in speech * CVE-2014-1701: UXSS in events * CVE-2014-1702: Use-after-free in web database * CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-280 - openSUSE 12.3: zypper in -t patch openSUSE-2014-280 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): chromedriver-33.0.1750.152-25.2 chromedriver-debuginfo-33.0.1750.152-25.2 chromium-33.0.1750.152-25.2 chromium-debuginfo-33.0.1750.152-25.2 chromium-debugsource-33.0.1750.152-25.2 chromium-desktop-gnome-33.0.1750.152-25.2 chromium-desktop-kde-33.0.1750.152-25.2 chromium-ffmpegsumo-33.0.1750.152-25.2 chromium-ffmpegsumo-debuginfo-33.0.1750.152-25.2 chromium-suid-helper-33.0.1750.152-25.2 chromium-suid-helper-debuginfo-33.0.1750.152-25.2 - openSUSE 12.3 (i586 x86_64): chromedriver-33.0.1750.152-1.33.2 chromedriver-debuginfo-33.0.1750.152-1.33.2 chromium-33.0.1750.152-1.33.2 chromium-debuginfo-33.0.1750.152-1.33.2 chromium-debugsource-33.0.1750.152-1.33.2 chromium-desktop-gnome-33.0.1750.152-1.33.2 chromium-desktop-kde-33.0.1750.152-1.33.2 chromium-ffmpegsumo-33.0.1750.152-1.33.2 chromium-ffmpegsumo-debuginfo-33.0.1750.152-1.33.2 chromium-suid-helper-33.0.1750.152-1.33.2 chromium-suid-helper-debuginfo-33.0.1750.152-1.33.2 References: http://support.novell.com/security/cve/CVE-2014-1700.html http://support.novell.com/security/cve/CVE-2014-1701.html http://support.novell.com/security/cve/CVE-2014-1702.html http://support.novell.com/security/cve/CVE-2014-1703.html http://support.novell.com/security/cve/CVE-2014-1704.html http://support.novell.com/security/cve/CVE-2014-1705.html http://support.novell.com/security/cve/CVE-2014-1713.html http://support.novell.com/security/cve/CVE-2014-1714.html http://support.novell.com/security/cve/CVE-2014-1715.html https://bugzilla.novell.com/866959 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org