   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1887-1
Rating:             moderate
References:
Cross-References:   CVE-2015-1233 CVE-2015-1234 CVE-2015-1235
                    CVE-2015-1236 CVE-2015-1237 CVE-2015-1238
                    CVE-2015-1240 CVE-2015-1241 CVE-2015-1242
                    CVE-2015-1244 CVE-2015-1245 CVE-2015-1246
                    CVE-2015-1247 CVE-2015-1248 CVE-2015-1249
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   - Update to Chromium 42.0.2311.90
     * A number of new apps, extension and Web Platform APIs (including the
       Push API!)
     * Lots of under the hood changes for stability and performance
     * Security fixes, including:
       - CVE-2015-1235: Cross-origin-bypass in HTML parser
       - CVE-2015-1236: Cross-origin-bypass in Blink
       - CVE-2015-1237: Use-after-free in IPC
       - CVE-2015-1238: Out-of-bounds write in Skia
       - CVE-2015-1240: Out-of-bounds read in WebGL
       - CVE-2015-1241: Tap-Jacking
       - CVE-2015-1242: Type confusion in V8
       - CVE-2015-1244: HSTS bypass in WebSockets
       - CVE-2015-1245: Use-after-free in PDFium
       - CVE-2015-1246: Out-of-bounds read in Blink
       - CVE-2015-1247: Scheme issues in OpenSearch
       - CVE-2015-1248: SafeBrowsing bypass
       - CVE-2015-1249: Various fixes from internal audits, fuzzing and
         other initiatives
       - Multiple vulnerabilities in V8 fixed

   - Update to Chromium 41.0.2272.118
     Security fixes:
     * CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that can
       lead to remote code execution outside of the sandbox
     * CVE-2015-1234: Buffer overflow via race condition in GPU


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2015-351=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

      chromedriver-42.0.2311.135-5.1
      chromium-42.0.2311.135-5.1
      chromium-desktop-gnome-42.0.2311.135-5.1
      chromium-desktop-kde-42.0.2311.135-5.1
      chromium-ffmpegsumo-42.0.2311.135-5.1


References:

   https://www.suse.com/security/cve/CVE-2015-1233.html
   https://www.suse.com/security/cve/CVE-2015-1234.html
   https://www.suse.com/security/cve/CVE-2015-1235.html
   https://www.suse.com/security/cve/CVE-2015-1236.html
   https://www.suse.com/security/cve/CVE-2015-1237.html
   https://www.suse.com/security/cve/CVE-2015-1238.html
   https://www.suse.com/security/cve/CVE-2015-1240.html
   https://www.suse.com/security/cve/CVE-2015-1241.html
   https://www.suse.com/security/cve/CVE-2015-1242.html
   https://www.suse.com/security/cve/CVE-2015-1244.html
   https://www.suse.com/security/cve/CVE-2015-1245.html
   https://www.suse.com/security/cve/CVE-2015-1246.html
   https://www.suse.com/security/cve/CVE-2015-1247.html
   https://www.suse.com/security/cve/CVE-2015-1248.html
   https://www.suse.com/security/cve/CVE-2015-1249.html
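
A post-patch check for the Patch Instructions and Package List above, added here as an example and not part of the SUSE announcement: it compares each listed package in the RPM database against the fixed version-release 42.0.2311.135-5.1. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM version ordering for these dotted numeric versions.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the fixed packages are installed.
FIXED="42.0.2311.135-5.1"   # version-release taken from the Package List
PACKAGES="chromedriver chromium chromium-desktop-gnome chromium-desktop-kde chromium-ffmpegsumo"

# version_at_least INSTALLED FIXED
# Returns 0 when INSTALLED sorts at or after FIXED.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify INSTALLED_VERSION -> prints "fixed", "vulnerable" or "absent"
classify() {
    if [ -z "$1" ]; then
        echo "absent"
    elif version_at_least "$1" "$FIXED"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# audit: query the RPM database for every package in the advisory.
# Returns non-zero if any installed package is older than FIXED.
audit() {
    rc=0
    for pkg in $PACKAGES; do
        # rpm -q exits non-zero for a package that is not installed
        ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || ver=""
        state=$(classify "$ver")
        printf '%-26s %-22s %s\n' "$pkg" "${ver:-not installed}" "$state"
        if [ "$state" = "vulnerable" ]; then rc=1; fi
    done
    return $rc
}

# Only query when rpm exists; the comparison itself is plain shell.
if command -v rpm >/dev/null 2>&1; then
    audit || echo "Unpatched package found; run: zypper in -t patch openSUSE-2015-351=1"
fi
```

Packages reported as "absent" need no action; any "vulnerable" line means the patch named in the advisory has not been applied on that host.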