openSUSE Security Update: Security update to Chromium 41.0.2272.76 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0505-1 Rating: important References: #920825 Cross-References: CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225 CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: Chromium was updated to 41.0.2272.76 (bnc#920825) Security fixes: * CVE-2015-1212: Out-of-bounds write in media * CVE-2015-1213: Out-of-bounds write in skia filters * CVE-2015-1214: Out-of-bounds write in skia filters * CVE-2015-1215: Out-of-bounds write in skia filters * CVE-2015-1216: Use-after-free in v8 bindings * CVE-2015-1217: Type confusion in v8 bindings * CVE-2015-1218: Use-after-free in dom * CVE-2015-1219: Integer overflow in webgl * CVE-2015-1220: Use-after-free in gif decoder * CVE-2015-1221: Use-after-free in web databases * CVE-2015-1222: Use-after-free in service workers * CVE-2015-1223: Use-after-free in dom * CVE-2015-1230: Type confusion in v8 * CVE-2015-1224: Out-of-bounds read in vpxdecoder * CVE-2015-1225: Out-of-bounds read in pdfium * CVE-2015-1226: Validation issue in debugger * CVE-2015-1227: Uninitialized value in blink * CVE-2015-1228: Uninitialized value in rendering * CVE-2015-1229: Cookie injection via proxies * CVE-2015-1231: Various fixes from internal audits * Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-228=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-228=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): chromedriver-41.0.2272.76-17.1 chromedriver-debuginfo-41.0.2272.76-17.1 chromium-41.0.2272.76-17.1 chromium-debuginfo-41.0.2272.76-17.1 chromium-debugsource-41.0.2272.76-17.1 chromium-desktop-gnome-41.0.2272.76-17.1 chromium-desktop-kde-41.0.2272.76-17.1 chromium-ffmpegsumo-41.0.2272.76-17.1 chromium-ffmpegsumo-debuginfo-41.0.2272.76-17.1 - openSUSE 13.1 (i586 x86_64): chromedriver-41.0.2272.76-72.1 chromedriver-debuginfo-41.0.2272.76-72.1 chromium-41.0.2272.76-72.1 chromium-debuginfo-41.0.2272.76-72.1 chromium-debugsource-41.0.2272.76-72.1 chromium-desktop-gnome-41.0.2272.76-72.1 chromium-desktop-kde-41.0.2272.76-72.1 chromium-ffmpegsumo-41.0.2272.76-72.1 chromium-ffmpegsumo-debuginfo-41.0.2272.76-72.1 References: http://support.novell.com/security/cve/CVE-2015-1212.html http://support.novell.com/security/cve/CVE-2015-1213.html http://support.novell.com/security/cve/CVE-2015-1214.html http://support.novell.com/security/cve/CVE-2015-1215.html http://support.novell.com/security/cve/CVE-2015-1216.html http://support.novell.com/security/cve/CVE-2015-1217.html http://support.novell.com/security/cve/CVE-2015-1218.html http://support.novell.com/security/cve/CVE-2015-1219.html http://support.novell.com/security/cve/CVE-2015-1220.html http://support.novell.com/security/cve/CVE-2015-1221.html http://support.novell.com/security/cve/CVE-2015-1222.html http://support.novell.com/security/cve/CVE-2015-1223.html http://support.novell.com/security/cve/CVE-2015-1224.html http://support.novell.com/security/cve/CVE-2015-1225.html http://support.novell.com/security/cve/CVE-2015-1226.html http://support.novell.com/security/cve/CVE-2015-1227.html http://support.novell.com/security/cve/CVE-2015-1228.html http://support.novell.com/security/cve/CVE-2015-1229.html http://support.novell.com/security/cve/CVE-2015-1230.html http://support.novell.com/security/cve/CVE-2015-1231.html https://bugzilla.suse.com/920825 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org