Mailinglist Archive: opensuse-updates (119 mails)

openSUSE-SU-2013:0454-1: moderate: chromium: updated to 27.0.1425
openSUSE Security Update: chromium: updated to 27.0.1425
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0454-1
Rating:             moderate
References:         #804986
Cross-References:   CVE-2013-0879 CVE-2013-0880 CVE-2013-0881
                    CVE-2013-0882 CVE-2013-0883 CVE-2013-0884
                    CVE-2013-0885 CVE-2013-0886 CVE-2013-0887
                    CVE-2013-0888 CVE-2013-0889 CVE-2013-0890
                    CVE-2013-0891 CVE-2013-0892 CVE-2013-0893
                    CVE-2013-0894 CVE-2013-0895 CVE-2013-0896
                    CVE-2013-0897 CVE-2013-0898 CVE-2013-0899
                    CVE-2013-0900
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
______________________________________________________________________________

An update that fixes 22 vulnerabilities is now available.

Description:

chromium was updated to version 27.0.1425, which includes
both stability and security fixes:

* Bug and stability fixes:
  - Fixed crash after clicking through malware warning.
    (Issue: 173986)
  - Fixed broken command line to create extensions with
    locale info (Issue: 176187)
  - Hosted apps in Chrome will always be opened from app
    launcher. (Issue: 176267)
  - Added modal confirmation dialog to the enterprise
    profile sign-in flow. (Issue: 171236)
  - Fixed a crash with autofill. (Issues: 175454, 176576)
  - Fixed issues with sign-in. (Issues: 175672, 175819,
    175541, 176190)
  - Fixed spurious profile shortcuts created with a
    system-level install. (Issue: 177047)
  - Fixed the background tab flashing with certain
    themes. (Issue: 175426)
* Security Fixes: (bnc#804986)
  - High CVE-2013-0879: Memory corruption with web audio
    node
  - High CVE-2013-0880: Use-after-free in database
    handling
  - Medium CVE-2013-0881: Bad read in Matroska handling
  - High CVE-2013-0882: Bad memory access with excessive
    SVG parameters.
  - Medium CVE-2013-0883: Bad read in Skia.
  - Low CVE-2013-0884: Inappropriate load of NaCl.
  - Medium CVE-2013-0885: Too many API permissions
    granted to web store
  - Medium CVE-2013-0886: Incorrect NaCl signal handling.
  - Low CVE-2013-0887: Developer tools process has too
    many permissions and places too much trust in the
    connected server
  - Medium CVE-2013-0888: Out-of-bounds read in Skia
  - Low CVE-2013-0889: Tighten user gesture check for
    dangerous file downloads.
  - High CVE-2013-0890: Memory safety issues across the
    IPC layer.
  - High CVE-2013-0891: Integer overflow in blob handling.
  - Medium CVE-2013-0892: Lower severity issues across
    the IPC layer
  - Medium CVE-2013-0893: Race condition in media
    handling.
  - High CVE-2013-0894: Buffer overflow in vorbis
    decoding.
  - High CVE-2013-0895: Incorrect path handling in file
    copying.
  - High CVE-2013-0896: Memory management issues in
    plug-in message handling
  - Low CVE-2013-0897: Off-by-one read in PDF
  - High CVE-2013-0898: Use-after-free in URL handling
  - Low CVE-2013-0899: Integer overflow in Opus handling
  - Medium CVE-2013-0900: Race condition in ICU
* Adjust autodetection of the PepperFlash library. The
  PepperFlash package will hopefully be available soon
  through Packman.

- Update to 26.0.1411
* Bug and stability fixes

- Update to 26.0.1403
* Bug and stability fixes

- Using system libxml2 requires system libxslt.
- Using system MESA does not work in i586 for some reason.

- Also use system MESA, factory version seems adequate now.
- Always use system libxml2.

- Restrict the usage of system libraries instead of the
bundled ones to new products, too much hassle otherwise.

- Also link kerberos and libgps directly, do not dlopen
them.

- Avoid using dlopen on system libraries, rpm or the
package manager do not handle this at all. Tested for a
few weeks and implemented with a macro so it can be
easily disabled if problems arise.
- Use SOME system libraries instead of the bundled ones,
tested for several weeks and implemented with a macro
for easy enable/disable in case of trouble.

- Update to 26.0.1393
* Bug and stability fixes
* Security fixes

- Update to 26.0.1375
* Bug and stability fixes

- Update to 26.0.1371
* Bug and stability fixes

- Update to 26.0.1367
* Bug and stability fixes


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-203

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-203

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

chromedriver-27.0.1425.0-1.35.1
chromedriver-debuginfo-27.0.1425.0-1.35.1
chromium-27.0.1425.0-1.35.1
chromium-debuginfo-27.0.1425.0-1.35.1
chromium-debugsource-27.0.1425.0-1.35.1
chromium-desktop-gnome-27.0.1425.0-1.35.1
chromium-desktop-kde-27.0.1425.0-1.35.1
chromium-ffmpegsumo-27.0.1425.0-1.35.1
chromium-ffmpegsumo-debuginfo-27.0.1425.0-1.35.1
chromium-suid-helper-27.0.1425.0-1.35.1
chromium-suid-helper-debuginfo-27.0.1425.0-1.35.1

- openSUSE 12.1 (i586 x86_64):

chromedriver-27.0.1425.0-1.55.1
chromedriver-debuginfo-27.0.1425.0-1.55.1
chromium-27.0.1425.0-1.55.1
chromium-debuginfo-27.0.1425.0-1.55.1
chromium-debugsource-27.0.1425.0-1.55.1
chromium-desktop-gnome-27.0.1425.0-1.55.1
chromium-desktop-kde-27.0.1425.0-1.55.1
chromium-ffmpegsumo-27.0.1425.0-1.55.1
chromium-ffmpegsumo-debuginfo-27.0.1425.0-1.55.1
chromium-suid-helper-27.0.1425.0-1.55.1
chromium-suid-helper-debuginfo-27.0.1425.0-1.55.1


References:

http://support.novell.com/security/cve/CVE-2013-0879.html
http://support.novell.com/security/cve/CVE-2013-0880.html
http://support.novell.com/security/cve/CVE-2013-0881.html
http://support.novell.com/security/cve/CVE-2013-0882.html
http://support.novell.com/security/cve/CVE-2013-0883.html
http://support.novell.com/security/cve/CVE-2013-0884.html
http://support.novell.com/security/cve/CVE-2013-0885.html
http://support.novell.com/security/cve/CVE-2013-0886.html
http://support.novell.com/security/cve/CVE-2013-0887.html
http://support.novell.com/security/cve/CVE-2013-0888.html
http://support.novell.com/security/cve/CVE-2013-0889.html
http://support.novell.com/security/cve/CVE-2013-0890.html
http://support.novell.com/security/cve/CVE-2013-0891.html
http://support.novell.com/security/cve/CVE-2013-0892.html
http://support.novell.com/security/cve/CVE-2013-0893.html
http://support.novell.com/security/cve/CVE-2013-0894.html
http://support.novell.com/security/cve/CVE-2013-0895.html
http://support.novell.com/security/cve/CVE-2013-0896.html
http://support.novell.com/security/cve/CVE-2013-0897.html
http://support.novell.com/security/cve/CVE-2013-0898.html
http://support.novell.com/security/cve/CVE-2013-0899.html
http://support.novell.com/security/cve/CVE-2013-0900.html
https://bugzilla.novell.com/804986

