   openSUSE Security Update: chromium: update to 21.0.1180.88
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1215-1
Rating:             important
References:         #778005
Cross-References:   CVE-2012-2865 CVE-2012-2866 CVE-2012-2867
                    CVE-2012-2868 CVE-2012-2869 CVE-2012-2870
                    CVE-2012-2871 CVE-2012-2872
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   Chromium was updated to 21.0.1180.88 to fix various bugs
   and security issues.

   Security fixes and rewards:

   Please see the Chromium security page
   <http://sites.google.com/a/chromium.org/dev/Home/chromium-security>
   for more detail. Note that the referenced bugs may be kept
   private until a majority of our users are up to date with
   the fix.

   - [$500] [121347 <https://code.google.com/p/chromium/issues/detail?id=121347>]
     Medium CVE-2012-2865: Out-of-bounds read in line breaking.
     Credit to miaubiz.
   - [$1000] [134897 <https://code.google.com/p/chromium/issues/detail?id=134897>]
     High CVE-2012-2866: Bad cast with run-ins.
     Credit to miaubiz.
   - [135485 <https://code.google.com/p/chromium/issues/detail?id=135485>]
     Low CVE-2012-2867: Browser crash with SPDY.
   - [$500] [136881 <https://code.google.com/p/chromium/issues/detail?id=136881>]
     Medium CVE-2012-2868: Race condition with workers and XHR.
     Credit to miaubiz.
   - [137778 <https://code.google.com/p/chromium/issues/detail?id=137778>]
     High CVE-2012-2869: Avoid stale buffer in URL loading.
     Credit to Fermin Serna of the Google Security Team.
   - [138672 <https://code.google.com/p/chromium/issues/detail?id=138672>]
     [140368 <https://code.google.com/p/chromium/issues/detail?id=140368>]
     Low CVE-2012-2870: Lower severity memory management issues in XPath.
     Credit to Nicolas Gregoire.
   - [$1000] [138673 <https://code.google.com/p/chromium/issues/detail?id=138673>]
     High CVE-2012-2871: Bad cast in XSL transforms.
     Credit to Nicolas Gregoire.
   - [$500] [142956 <https://code.google.com/p/chromium/issues/detail?id=142956>]
     Medium CVE-2012-2872: XSS in SSL interstitial.
     Credit to Emmanuel Bronshtein.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-619

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-619

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.2 (i586 x86_64):

      chromedriver-23.0.1255.0-1.14.1
      chromedriver-debuginfo-23.0.1255.0-1.14.1
      chromium-23.0.1255.0-1.14.1
      chromium-debuginfo-23.0.1255.0-1.14.1
      chromium-debugsource-23.0.1255.0-1.14.1
      chromium-desktop-gnome-23.0.1255.0-1.14.1
      chromium-desktop-kde-23.0.1255.0-1.14.1
      chromium-suid-helper-23.0.1255.0-1.14.1
      chromium-suid-helper-debuginfo-23.0.1255.0-1.14.1

   - openSUSE 12.1 (i586 x86_64):

      chromedriver-23.0.1255.0-1.34.1
      chromedriver-debuginfo-23.0.1255.0-1.34.1
      chromium-23.0.1255.0-1.34.1
      chromium-debuginfo-23.0.1255.0-1.34.1
      chromium-debugsource-23.0.1255.0-1.34.1
      chromium-desktop-gnome-23.0.1255.0-1.34.1
      chromium-desktop-kde-23.0.1255.0-1.34.1
      chromium-suid-helper-23.0.1255.0-1.34.1
      chromium-suid-helper-debuginfo-23.0.1255.0-1.34.1

References:

   http://support.novell.com/security/cve/CVE-2012-2865.html
   http://support.novell.com/security/cve/CVE-2012-2866.html
   http://support.novell.com/security/cve/CVE-2012-2867.html
   http://support.novell.com/security/cve/CVE-2012-2868.html
   http://support.novell.com/security/cve/CVE-2012-2869.html
   http://support.novell.com/security/cve/CVE-2012-2870.html
   http://support.novell.com/security/cve/CVE-2012-2871.html
   http://support.novell.com/security/cve/CVE-2012-2872.html
   https://bugzilla.novell.com/778005