SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0290-1
Rating: critical
References: #865021
Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now
available. It includes one version update.
Description:
This update of Adobe Flash Player fixes the following
issues:
* A stack overflow vulnerability that could have
resulted in arbitrary code execution. (CVE-2014-0498)
* A memory leak vulnerability that could have been used
to defeat memory address layout randomization.
(CVE-2014-0499)
* A double free vulnerability that could have resulted
in arbitrary code execution. (CVE-2014-0502)
Security Issue references:
* CVE-2014-0498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498
>
* CVE-2014-0499
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499
>
* CVE-2014-0502
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-flash-player-8922
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.341]:
flash-player-11.2.202.341-0.3.1
flash-player-gnome-11.2.202.341-0.3.1
flash-player-kde4-11.2.202.341-0.3.1
References:
http://support.novell.com/security/cve/CVE-2014-0498.htmlhttp://support.novell.com/security/cve/CVE-2014-0499.htmlhttp://support.novell.com/security/cve/CVE-2014-0502.htmlhttps://bugzilla.novell.com/865021http://download.novell.com/patch/finder/?keywords=6003a7ba1dd825daf2236b543…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: flash-player: update to 11.2.202.341 security release
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0278-1
Rating: critical
References: #865021
Cross-References: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)
* APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
- Contents of flashplayer_11_sa.i386.tar.gz changed back:
spec file updated, supplementary script (update.sh)
updated.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-22
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
flash-player-11.2.202.341-95.1
flash-player-gnome-11.2.202.341-95.1
flash-player-kde4-11.2.202.341-95.1
References:
http://support.novell.com/security/cve/CVE-2014-0498.htmlhttp://support.novell.com/security/cve/CVE-2014-0499.htmlhttp://support.novell.com/security/cve/CVE-2014-0502.htmlhttps://bugzilla.novell.com/865021
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: chromium to 32.0.1700.102
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0243-1
Rating: important
References: #861013
Cross-References: CVE-2013-6641 CVE-2013-6643 CVE-2013-6644
CVE-2013-6645 CVE-2013-6646 CVE-2013-6649
CVE-2013-6650
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
Chromium was updated to version 32.0.1700.102: Stable
channel update:
- Security Fixes:
* CVE-2013-6649: Use-after-free in SVG images
* CVE-2013-6650: Memory corruption in V8
* and 12 other fixes
- Other:
* Mouse Pointer disappears after exiting full-screen
mode
* Drag and drop files into Chromium may not work
properly
* Quicktime Plugin crashes in Chromium
* Chromium becomes unresponsive
* Trackpad users may not be able to scroll horizontally
* Scrolling does not work in combo box
* Chromium does not work with all CSS minifiers such
as whitespace around a media query's `and` keyword
- Update to Chromium 32.0.1700.77 Stable channel update:
- Security fixes:
* CVE-2013-6646: Use-after-free in web workers
* CVE-2013-6641: Use-after-free related to forms
* CVE-2013-6643: Unprompted sync with an attacker’s
Google account
* CVE-2013-6645: Use-after-free related to speech
input elements
* CVE-2013-6644: Various fixes from internal audits,
fuzzing and other initiatives
- Other:
* Tab indicators for sound, webcam and casting
* Automatically blocking malware files
* Lots of under the hood changes for stability and
performance
- Remove patch chromium-fix-chromedriver-build.diff as
that chromedriver is fixed upstream
- Updated ExcludeArch to exclude aarch64, ppc, ppc64 and
ppc64le. This is based on missing build requires
(valgrind, v8, etc)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-135
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-135
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
chromedriver-32.0.1700.102-17.2
chromedriver-debuginfo-32.0.1700.102-17.2
chromium-32.0.1700.102-17.2
chromium-debuginfo-32.0.1700.102-17.2
chromium-debugsource-32.0.1700.102-17.2
chromium-desktop-gnome-32.0.1700.102-17.2
chromium-desktop-kde-32.0.1700.102-17.2
chromium-ffmpegsumo-32.0.1700.102-17.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-17.2
chromium-suid-helper-32.0.1700.102-17.2
chromium-suid-helper-debuginfo-32.0.1700.102-17.2
- openSUSE 12.3 (i586 x86_64):
chromedriver-32.0.1700.102-1.25.2
chromedriver-debuginfo-32.0.1700.102-1.25.2
chromium-32.0.1700.102-1.25.2
chromium-debuginfo-32.0.1700.102-1.25.2
chromium-debugsource-32.0.1700.102-1.25.2
chromium-desktop-gnome-32.0.1700.102-1.25.2
chromium-desktop-kde-32.0.1700.102-1.25.2
chromium-ffmpegsumo-32.0.1700.102-1.25.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-1.25.2
chromium-suid-helper-32.0.1700.102-1.25.2
chromium-suid-helper-debuginfo-32.0.1700.102-1.25.2
References:
http://support.novell.com/security/cve/CVE-2013-6641.htmlhttp://support.novell.com/security/cve/CVE-2013-6643.htmlhttp://support.novell.com/security/cve/CVE-2013-6644.htmlhttp://support.novell.com/security/cve/CVE-2013-6645.htmlhttp://support.novell.com/security/cve/CVE-2013-6646.htmlhttp://support.novell.com/security/cve/CVE-2013-6649.htmlhttp://support.novell.com/security/cve/CVE-2013-6650.htmlhttps://bugzilla.novell.com/861013
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org