Mailinglist Archive: opensuse-updates (86 mails)

openSUSE-SU-2014:0601-1: moderate: update for chromium
openSUSE Security Update: update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0601-1
Rating: moderate
References: #872805
Cross-References: CVE-2014-1716 CVE-2014-1717 CVE-2014-1718
                  CVE-2014-1719 CVE-2014-1720 CVE-2014-1721
                  CVE-2014-1722 CVE-2014-1723 CVE-2014-1724
                  CVE-2014-1725 CVE-2014-1726 CVE-2014-1727
                  CVE-2014-1728 CVE-2014-1729
Affected Products:
                  openSUSE 13.1
                  openSUSE 12.3
______________________________________________________________________________

An update that fixes 14 vulnerabilities is now available.

Description:


This chromium version update fixes the following security
and non-security issues:

- Add patch chromium-fix-arm-skia-memset.patch to resolve a
  linking issue on ARM with regard to missing symbols.
- Add patch arm_use_gold.patch to use the right gold
  binaries on ARM. Hopefully this resolves the build
  issues with running out of memory.
- bnc#872805: Update to Chromium 34.0.1847.116
  * Responsive Images and Unprefixed Web Audio
  * Import supervised users onto new computers
  * A number of new apps/extension APIs
  * Lots of under the hood changes for stability and
    performance
- Security fixes:
  * CVE-2014-1716: UXSS in V8
  * CVE-2014-1717: OOB access in V8
  * CVE-2014-1718: Integer overflow in compositor
  * CVE-2014-1719: Use-after-free in web workers
  * CVE-2014-1720: Use-after-free in DOM
  * CVE-2014-1721: Memory corruption in V8
  * CVE-2014-1722: Use-after-free in rendering
  * CVE-2014-1723: URL confusion with RTL characters
  * CVE-2014-1724: Use-after-free in speech
  * CVE-2014-1725: OOB read with window property
  * CVE-2014-1726: Local cross-origin bypass
  * CVE-2014-1727: Use-after-free in forms
  * CVE-2014-1728: Various fixes from internal audits,
    fuzzing and other initiatives
  * CVE-2014-1729: Multiple vulnerabilities in V8
- No longer build against system libraries, as Chromium
  works a lot better and crashes less on websites than with
  system libs.
- Added package depot_tools.tar.gz, as the chromium
  build now requires it during the initial build phase. It
  just contains some utilities and nothing from it is being
  installed.
- If people want to install newer versions of the ffmpeg
  library then let them. This is what they want.
- Remove the buildscript from the sources


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

    zypper in -t patch openSUSE-2014-330

- openSUSE 12.3:

    zypper in -t patch openSUSE-2014-330

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

chromedriver-34.0.1847.116-29.3
chromedriver-debuginfo-34.0.1847.116-29.3
chromium-34.0.1847.116-29.3
chromium-debuginfo-34.0.1847.116-29.3
chromium-debugsource-34.0.1847.116-29.3
chromium-desktop-gnome-34.0.1847.116-29.3
chromium-desktop-kde-34.0.1847.116-29.3
chromium-ffmpegsumo-34.0.1847.116-29.3
chromium-ffmpegsumo-debuginfo-34.0.1847.116-29.3
chromium-suid-helper-34.0.1847.116-29.3
chromium-suid-helper-debuginfo-34.0.1847.116-29.3

- openSUSE 12.3 (i586 x86_64):

chromedriver-34.0.1847.116-1.37.2
chromedriver-debuginfo-34.0.1847.116-1.37.2
chromium-34.0.1847.116-1.37.2
chromium-debuginfo-34.0.1847.116-1.37.2
chromium-debugsource-34.0.1847.116-1.37.2
chromium-desktop-gnome-34.0.1847.116-1.37.2
chromium-desktop-kde-34.0.1847.116-1.37.2
chromium-ffmpegsumo-34.0.1847.116-1.37.2
chromium-ffmpegsumo-debuginfo-34.0.1847.116-1.37.2
chromium-suid-helper-34.0.1847.116-1.37.2
chromium-suid-helper-debuginfo-34.0.1847.116-1.37.2


References:

http://support.novell.com/security/cve/CVE-2014-1716.html
http://support.novell.com/security/cve/CVE-2014-1717.html
http://support.novell.com/security/cve/CVE-2014-1718.html
http://support.novell.com/security/cve/CVE-2014-1719.html
http://support.novell.com/security/cve/CVE-2014-1720.html
http://support.novell.com/security/cve/CVE-2014-1721.html
http://support.novell.com/security/cve/CVE-2014-1722.html
http://support.novell.com/security/cve/CVE-2014-1723.html
http://support.novell.com/security/cve/CVE-2014-1724.html
http://support.novell.com/security/cve/CVE-2014-1725.html
http://support.novell.com/security/cve/CVE-2014-1726.html
http://support.novell.com/security/cve/CVE-2014-1727.html
http://support.novell.com/security/cve/CVE-2014-1728.html
http://support.novell.com/security/cve/CVE-2014-1729.html
https://bugzilla.novell.com/872805

