openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1877-1
Rating:             moderate
References:         #931659 #931660 #931661 #931663 #931664 #931665
                    #931666 #931667 #931668 #931669 #931670 #931671
                    #931672 #931673 #931674
Cross-References:   CVE-2015-1251 CVE-2015-1252 CVE-2015-1253
                    CVE-2015-1254 CVE-2015-1255 CVE-2015-1256
                    CVE-2015-1257 CVE-2015-1258 CVE-2015-1259
                    CVE-2015-1260 CVE-2015-1261 CVE-2015-1262
                    CVE-2015-1263 CVE-2015-1264 CVE-2015-1265
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

Chromium was updated to 43.0.2357.65 to fix security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2015-1251: Use-after-free in Speech (boo#931659)
- CVE-2015-1252: Sandbox escape in Chrome (boo#931671)
- CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)
- CVE-2015-1254: Cross-origin bypass in Editing (boo#931669)
- CVE-2015-1255: Use-after-free in WebAudio (boo#931674)
- CVE-2015-1256: Use-after-free in SVG (boo#931664)
- CVE-2015-1257: Container-overflow in SVG (boo#931665)
- CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666)
- CVE-2015-1259: Uninitialized value in PDFium (boo#931667)
- CVE-2015-1260: Use-after-free in WebRTC (boo#931668)
- CVE-2015-1261: URL bar spoofing (boo#931673)
- CVE-2015-1262: Uninitialized value in Blink (boo#931672)
- CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663)
- CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661)
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other
  initiatives (boo#931660)
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
  (currently 4.3.61.21)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2015-390=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

    chromedriver-43.0.2357.65-8.1
    chromedriver-debuginfo-43.0.2357.65-8.1
    chromium-43.0.2357.65-8.1
    chromium-debuginfo-43.0.2357.65-8.1
    chromium-debugsource-43.0.2357.65-8.1
    chromium-desktop-gnome-43.0.2357.65-8.1
    chromium-desktop-kde-43.0.2357.65-8.1
    chromium-ffmpegsumo-43.0.2357.65-8.1
    chromium-ffmpegsumo-debuginfo-43.0.2357.65-8.1

References:

https://www.suse.com/security/cve/CVE-2015-1251.html
https://www.suse.com/security/cve/CVE-2015-1252.html
https://www.suse.com/security/cve/CVE-2015-1253.html
https://www.suse.com/security/cve/CVE-2015-1254.html
https://www.suse.com/security/cve/CVE-2015-1255.html
https://www.suse.com/security/cve/CVE-2015-1256.html
https://www.suse.com/security/cve/CVE-2015-1257.html
https://www.suse.com/security/cve/CVE-2015-1258.html
https://www.suse.com/security/cve/CVE-2015-1259.html
https://www.suse.com/security/cve/CVE-2015-1260.html
https://www.suse.com/security/cve/CVE-2015-1261.html
https://www.suse.com/security/cve/CVE-2015-1262.html
https://www.suse.com/security/cve/CVE-2015-1263.html
https://www.suse.com/security/cve/CVE-2015-1264.html
https://www.suse.com/security/cve/CVE-2015-1265.html
https://bugzilla.suse.com/931659
https://bugzilla.suse.com/931660
https://bugzilla.suse.com/931661
https://bugzilla.suse.com/931663
https://bugzilla.suse.com/931664
https://bugzilla.suse.com/931665
https://bugzilla.suse.com/931666
https://bugzilla.suse.com/931667
https://bugzilla.suse.com/931668
https://bugzilla.suse.com/931669
https://bugzilla.suse.com/931670
https://bugzilla.suse.com/931671
https://bugzilla.suse.com/931672
https://bugzilla.suse.com/931673
https://bugzilla.suse.com/931674