openSUSE Security Update: chromium: update to 33.0.1750.117 security and bugfix release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0327-1 Rating: moderate References: Cross-References: CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660 CVE-2013-6661 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: Chromium was updated to 33.0.1750.117 Stable channel update: - Security Fixes: * CVE-2013-6653: Use-after-free related to web contents * CVE-2013-6654: Bad cast in SVG * CVE-2013-6655: Use-after-free in layout * CVE-2013-6656: Information leak in XSS auditor * CVE-2013-6657: Information leak in XSS auditor * CVE-2013-6658: Use-after-free in layout * CVE-2013-6659: Issue with certificates validation in TLS handshake * CVE-2013-6660: Information leak in drag and drop * CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. - Other: - Google Chrome Frame has been retired Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-182 - openSUSE 12.3: zypper in -t patch openSUSE-2014-182 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): chromedriver-33.0.1750.117-21.2 chromedriver-debuginfo-33.0.1750.117-21.2 chromium-33.0.1750.117-21.2 chromium-debuginfo-33.0.1750.117-21.2 chromium-debugsource-33.0.1750.117-21.2 chromium-desktop-gnome-33.0.1750.117-21.2 chromium-desktop-kde-33.0.1750.117-21.2 chromium-ffmpegsumo-33.0.1750.117-21.2 chromium-ffmpegsumo-debuginfo-33.0.1750.117-21.2 chromium-suid-helper-33.0.1750.117-21.2 chromium-suid-helper-debuginfo-33.0.1750.117-21.2 - openSUSE 12.3 (i586 x86_64): chromedriver-33.0.1750.117-1.29.2 chromedriver-debuginfo-33.0.1750.117-1.29.2 chromium-33.0.1750.117-1.29.2 chromium-debuginfo-33.0.1750.117-1.29.2 chromium-debugsource-33.0.1750.117-1.29.2 chromium-desktop-gnome-33.0.1750.117-1.29.2 chromium-desktop-kde-33.0.1750.117-1.29.2 chromium-ffmpegsumo-33.0.1750.117-1.29.2 chromium-ffmpegsumo-debuginfo-33.0.1750.117-1.29.2 chromium-suid-helper-33.0.1750.117-1.29.2 chromium-suid-helper-debuginfo-33.0.1750.117-1.29.2 References: http://support.novell.com/security/cve/CVE-2013-6653.html http://support.novell.com/security/cve/CVE-2013-6654.html http://support.novell.com/security/cve/CVE-2013-6655.html http://support.novell.com/security/cve/CVE-2013-6656.html http://support.novell.com/security/cve/CVE-2013-6657.html http://support.novell.com/security/cve/CVE-2013-6658.html http://support.novell.com/security/cve/CVE-2013-6659.html http://support.novell.com/security/cve/CVE-2013-6660.html http://support.novell.com/security/cve/CVE-2013-6661.html