Mailinglist Archive: opensuse-updates (99 mails)

< Previous Next >
openSUSE-SU-2013:0236-1: moderate: update for chromium
openSUSE Security Update: update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0236-1
Rating: moderate
References: #795860 #798326
Cross-References: CVE-2012-5145 CVE-2012-5146 CVE-2012-5147
CVE-2012-5148 CVE-2012-5149 CVE-2012-5150
CVE-2012-5152 CVE-2012-5153 CVE-2012-5154
CVE-2013-0830 CVE-2013-0831 CVE-2013-0832
CVE-2013-0833 CVE-2013-0834 CVE-2013-0835
CVE-2013-0836 CVE-2013-0837 CVE-2013-0838

Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:



- Update to 26.0.1383
* Security fixes (bnc#798326)
- CVE-2012-5145: Use-after-free in SVG layout
- CVE-2012-5146: Same origin policy bypass with
malformed URL
- CVE-2012-5147: Use-after-free in DOM handling
- CVE-2012-5148: Missing filename sanitization in
hyphenation support
- CVE-2012-5149: Integer overflow in audio IPC handling
- CVE-2012-5150: Use-after-free when seeking video
- CVE-2012-5152: Out-of-bounds read when seeking video
- CVE-2012-5153: Out-of-bounds stack access in v8.
- CVE-2012-5154: Integer overflow in shared memory
allocation
- CVE-2013-0830: Missing NUL termination in IPC.
- CVE-2013-0831: Possible path traversal from extension
process
- CVE-2013-0832: Use-after-free with printing.
- CVE-2013-0833: Out-of-bounds read with printing.
- CVE-2013-0834: Out-of-bounds read with glyph handling
- CVE-2013-0835: Browser crash with geolocation
- CVE-2013-0836: Crash in v8 garbage collection.
- CVE-2013-0837: Crash in extension tab handling.
- CVE-2013-0838: Tighten permissions on shared memory
segments

* Set up Google API keys, see
http://www.chromium.org/developers/how-tos/api-keys . #
Note: these are for openSUSE Chromium builds ONLY!!
(Setup was done based on indication from Pawel Hajdan)

- Change the default setting for password-store to basic.
(bnc#795860)


- Fixes from Update to 25.0.1352
* Fixed garbled header and footer text in print preview.
* Fixed broken profile with system-wide installation and
* Fixed stability crashes like 158747, 159437, 149139,
160914,
- Add a configuration file (/etc/default/chromium) where we
can indicate flags for the chromium-browser.

* {gtk} Fixed <input> selection renders white text on
white
* Fixed translate infobar button to show selected
language.

- Update to 25.0.1329
* No further indications in the ChangeLog

- Update to 25.0.1319
* No further indications in the Changelog

- Update to 24.0.1308
* Updated V8 - 3.14.5.0
* Bookmarks are now searched by their title while typing
into the omnibox with matching bookmarks being shown
in the autocomplete suggestions pop-down list.
Matching is done by prefix.
* Fixed chromium issues 155871, 154173, 155133.

* No further indications in the ChangeLog.

- Update to 24.0.1283


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-72

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-72

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

chromedriver-26.0.1383.0-1.31.1
chromedriver-debuginfo-26.0.1383.0-1.31.1
chromium-26.0.1383.0-1.31.1
chromium-debuginfo-26.0.1383.0-1.31.1
chromium-debugsource-26.0.1383.0-1.31.1
chromium-desktop-gnome-26.0.1383.0-1.31.1
chromium-desktop-kde-26.0.1383.0-1.31.1
chromium-ffmpegsumo-26.0.1383.0-1.31.1
chromium-ffmpegsumo-debuginfo-26.0.1383.0-1.31.1
chromium-suid-helper-26.0.1383.0-1.31.1
chromium-suid-helper-debuginfo-26.0.1383.0-1.31.1

- openSUSE 12.1 (i586 x86_64):

chromedriver-26.0.1383.0-1.51.1
chromedriver-debuginfo-26.0.1383.0-1.51.1
chromium-26.0.1383.0-1.51.1
chromium-debuginfo-26.0.1383.0-1.51.1
chromium-debugsource-26.0.1383.0-1.51.1
chromium-desktop-gnome-26.0.1383.0-1.51.1
chromium-desktop-kde-26.0.1383.0-1.51.1
chromium-ffmpegsumo-26.0.1383.0-1.51.1
chromium-ffmpegsumo-debuginfo-26.0.1383.0-1.51.1
chromium-suid-helper-26.0.1383.0-1.51.1
chromium-suid-helper-debuginfo-26.0.1383.0-1.51.1


References:

http://support.novell.com/security/cve/CVE-2012-5145.html
http://support.novell.com/security/cve/CVE-2012-5146.html
http://support.novell.com/security/cve/CVE-2012-5147.html
http://support.novell.com/security/cve/CVE-2012-5148.html
http://support.novell.com/security/cve/CVE-2012-5149.html
http://support.novell.com/security/cve/CVE-2012-5150.html
http://support.novell.com/security/cve/CVE-2012-5152.html
http://support.novell.com/security/cve/CVE-2012-5153.html
http://support.novell.com/security/cve/CVE-2012-5154.html
http://support.novell.com/security/cve/CVE-2013-0830.html
http://support.novell.com/security/cve/CVE-2013-0831.html
http://support.novell.com/security/cve/CVE-2013-0832.html
http://support.novell.com/security/cve/CVE-2013-0833.html
http://support.novell.com/security/cve/CVE-2013-0834.html
http://support.novell.com/security/cve/CVE-2013-0835.html
http://support.novell.com/security/cve/CVE-2013-0836.html
http://support.novell.com/security/cve/CVE-2013-0837.html
http://support.novell.com/security/cve/CVE-2013-0838.html
https://bugzilla.novell.com/795860
https://bugzilla.novell.com/798326


< Previous Next >
This Thread
  • No further messages