   openSUSE Security Update: update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0601-1
Rating:             moderate
References:         #872805
Cross-References:   CVE-2014-1716 CVE-2014-1717 CVE-2014-1718
                    CVE-2014-1719 CVE-2014-1720 CVE-2014-1721
                    CVE-2014-1722 CVE-2014-1723 CVE-2014-1724
                    CVE-2014-1725 CVE-2014-1726 CVE-2014-1727
                    CVE-2014-1728 CVE-2014-1729
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This chromium version update fixes the following security and
   non-security issues:

   - Add patch chromium-fix-arm-skia-memset.patch to resolve a linking
     issue on ARM with regards to missing symbols.
   - Add patch arm_use_gold.patch to use the right gold binaries on ARM.
     Hopefully this resolves the build issues with running out of memory.
   - bnc#872805: Update to Chromium 34.0.1847.116
     * Responsive Images and Unprefixed Web Audio
     * Import supervised users onto new computers
     * A number of new apps/extension APIs
     * Lots of under the hood changes for stability and performance
   - Security fixes:
     * CVE-2014-1716: UXSS in V8
     * CVE-2014-1717: OOB access in V8
     * CVE-2014-1718: Integer overflow in compositor
     * CVE-2014-1719: Use-after-free in web workers
     * CVE-2014-1720: Use-after-free in DOM
     * CVE-2014-1721: Memory corruption in V8
     * CVE-2014-1722: Use-after-free in rendering
     * CVE-2014-1723: Url confusion with RTL characters
     * CVE-2014-1724: Use-after-free in speech
     * CVE-2014-1725: OOB read with window property
     * CVE-2014-1726: Local cross-origin bypass
     * CVE-2014-1727: Use-after-free in forms
     * CVE-2014-1728: Various fixes from internal audits, fuzzing and
       other initiatives
     * CVE-2014-1729: Multiple vulnerabilities in V8
   - No longer build against system libraries, as Chromium works a lot
     better and crashes less on websites than with system libs
   - Added package depot_tools.tar.gz, as the chromium build now requires
     it during the initial build phase. It just contains some utilities
     and nothing from it is being installed.
   - If people want to install newer versions of the ffmpeg library then
     let them. This is what they want.
   - Remove the buildscript from the sources

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-330

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-330

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.1 (i586 x86_64):

      chromedriver-34.0.1847.116-29.3
      chromedriver-debuginfo-34.0.1847.116-29.3
      chromium-34.0.1847.116-29.3
      chromium-debuginfo-34.0.1847.116-29.3
      chromium-debugsource-34.0.1847.116-29.3
      chromium-desktop-gnome-34.0.1847.116-29.3
      chromium-desktop-kde-34.0.1847.116-29.3
      chromium-ffmpegsumo-34.0.1847.116-29.3
      chromium-ffmpegsumo-debuginfo-34.0.1847.116-29.3
      chromium-suid-helper-34.0.1847.116-29.3
      chromium-suid-helper-debuginfo-34.0.1847.116-29.3

   - openSUSE 12.3 (i586 x86_64):

      chromedriver-34.0.1847.116-1.37.2
      chromedriver-debuginfo-34.0.1847.116-1.37.2
      chromium-34.0.1847.116-1.37.2
      chromium-debuginfo-34.0.1847.116-1.37.2
      chromium-debugsource-34.0.1847.116-1.37.2
      chromium-desktop-gnome-34.0.1847.116-1.37.2
      chromium-desktop-kde-34.0.1847.116-1.37.2
      chromium-ffmpegsumo-34.0.1847.116-1.37.2
      chromium-ffmpegsumo-debuginfo-34.0.1847.116-1.37.2
      chromium-suid-helper-34.0.1847.116-1.37.2
      chromium-suid-helper-debuginfo-34.0.1847.116-1.37.2

References:

   http://support.novell.com/security/cve/CVE-2014-1716.html
   http://support.novell.com/security/cve/CVE-2014-1717.html
   http://support.novell.com/security/cve/CVE-2014-1718.html
   http://support.novell.com/security/cve/CVE-2014-1719.html
   http://support.novell.com/security/cve/CVE-2014-1720.html
   http://support.novell.com/security/cve/CVE-2014-1721.html
   http://support.novell.com/security/cve/CVE-2014-1722.html
   http://support.novell.com/security/cve/CVE-2014-1723.html
   http://support.novell.com/security/cve/CVE-2014-1724.html
   http://support.novell.com/security/cve/CVE-2014-1725.html
   http://support.novell.com/security/cve/CVE-2014-1726.html
   http://support.novell.com/security/cve/CVE-2014-1727.html
   http://support.novell.com/security/cve/CVE-2014-1728.html
   http://support.novell.com/security/cve/CVE-2014-1729.html
   https://bugzilla.novell.com/872805