   openSUSE Security Update: update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0236-1
Rating:             moderate
References:         #795860 #798326
Cross-References:   CVE-2012-5145 CVE-2012-5146 CVE-2012-5147
                    CVE-2012-5148 CVE-2012-5149 CVE-2012-5150
                    CVE-2012-5152 CVE-2012-5153 CVE-2012-5154
                    CVE-2013-0830 CVE-2013-0831 CVE-2013-0832
                    CVE-2013-0833 CVE-2013-0834 CVE-2013-0835
                    CVE-2013-0836 CVE-2013-0837 CVE-2013-0838
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   - Update to 26.0.1383
     * Security fixes (bnc#798326)
       - CVE-2012-5145: Use-after-free in SVG layout
       - CVE-2012-5146: Same origin policy bypass with malformed URL
       - CVE-2012-5147: Use-after-free in DOM handling
       - CVE-2012-5148: Missing filename sanitization in hyphenation
         support
       - CVE-2012-5149: Integer overflow in audio IPC handling
       - CVE-2012-5150: Use-after-free when seeking video
       - CVE-2012-5152: Out-of-bounds read when seeking video
       - CVE-2012-5153: Out-of-bounds stack access in v8.
       - CVE-2012-5154: Integer overflow in shared memory allocation
       - CVE-2013-0830: Missing NUL termination in IPC.
       - CVE-2013-0831: Possible path traversal from extension process
       - CVE-2013-0832: Use-after-free with printing.
       - CVE-2013-0833: Out-of-bounds read with printing.
       - CVE-2013-0834: Out-of-bounds read with glyph handling
       - CVE-2013-0835: Browser crash with geolocation
       - CVE-2013-0836: Crash in v8 garbage collection.
       - CVE-2013-0837: Crash in extension tab handling.
       - CVE-2013-0838: Tighten permissions on shared memory segments
     * Set up Google API keys, see
       http://www.chromium.org/developers/how-tos/api-keys .
       # Note: these are for openSUSE Chromium builds ONLY!!
       (Setup was done based on indication from Pawel Hajdan)
   - Change the default setting for password-store to basic.
     (bnc#795860)
   - Fixes from Update to 25.0.1352
     * Fixed garbled header and footer text in print preview.
     * Fixed broken profile with system-wide installation and
     * Fixed stability crashes like 158747, 159437, 149139, 160914,
   - Add a configuration file (/etc/default/chromium) where we can
     indicate flags for the chromium-browser.
     * {gtk} Fixed <input> selection renders white text on white
     * Fixed translate infobar button to show selected language.
   - Update to 25.0.1329
     * No further indications in the ChangeLog
   - Update to 25.0.1319
     * No further indications in the Changelog
   - Update to 24.0.1308
     * Updated V8 - 3.14.5.0
     * Bookmarks are now searched by their title while typing into
       the omnibox with matching bookmarks being shown in the
       autocomplete suggestions pop-down list. Matching is done by
       prefix.
     * Fixed chromium issues 155871, 154173, 155133.
     * No further indications in the ChangeLog.
   - Update to 24.0.1283


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-72

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2013-72

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.2 (i586 x86_64):

      chromedriver-26.0.1383.0-1.31.1
      chromedriver-debuginfo-26.0.1383.0-1.31.1
      chromium-26.0.1383.0-1.31.1
      chromium-debuginfo-26.0.1383.0-1.31.1
      chromium-debugsource-26.0.1383.0-1.31.1
      chromium-desktop-gnome-26.0.1383.0-1.31.1
      chromium-desktop-kde-26.0.1383.0-1.31.1
      chromium-ffmpegsumo-26.0.1383.0-1.31.1
      chromium-ffmpegsumo-debuginfo-26.0.1383.0-1.31.1
      chromium-suid-helper-26.0.1383.0-1.31.1
      chromium-suid-helper-debuginfo-26.0.1383.0-1.31.1

   - openSUSE 12.1 (i586 x86_64):

      chromedriver-26.0.1383.0-1.51.1
      chromedriver-debuginfo-26.0.1383.0-1.51.1
      chromium-26.0.1383.0-1.51.1
      chromium-debuginfo-26.0.1383.0-1.51.1
      chromium-debugsource-26.0.1383.0-1.51.1
      chromium-desktop-gnome-26.0.1383.0-1.51.1
      chromium-desktop-kde-26.0.1383.0-1.51.1
      chromium-ffmpegsumo-26.0.1383.0-1.51.1
      chromium-ffmpegsumo-debuginfo-26.0.1383.0-1.51.1
      chromium-suid-helper-26.0.1383.0-1.51.1
      chromium-suid-helper-debuginfo-26.0.1383.0-1.51.1


References:

   http://support.novell.com/security/cve/CVE-2012-5145.html
   http://support.novell.com/security/cve/CVE-2012-5146.html
   http://support.novell.com/security/cve/CVE-2012-5147.html
   http://support.novell.com/security/cve/CVE-2012-5148.html
   http://support.novell.com/security/cve/CVE-2012-5149.html
   http://support.novell.com/security/cve/CVE-2012-5150.html
   http://support.novell.com/security/cve/CVE-2012-5152.html
   http://support.novell.com/security/cve/CVE-2012-5153.html
   http://support.novell.com/security/cve/CVE-2012-5154.html
   http://support.novell.com/security/cve/CVE-2013-0830.html
   http://support.novell.com/security/cve/CVE-2013-0831.html
   http://support.novell.com/security/cve/CVE-2013-0832.html
   http://support.novell.com/security/cve/CVE-2013-0833.html
   http://support.novell.com/security/cve/CVE-2013-0834.html
   http://support.novell.com/security/cve/CVE-2013-0835.html
   http://support.novell.com/security/cve/CVE-2013-0836.html
   http://support.novell.com/security/cve/CVE-2013-0837.html
   http://support.novell.com/security/cve/CVE-2013-0838.html
   https://bugzilla.novell.com/795860
   https://bugzilla.novell.com/798326