openSUSE-SU-2014:0601-1: moderate: update for chromium
openSUSE Security Update: update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0601-1 Rating: moderate References: #872805 Cross-References: CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723 CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727 CVE-2014-1728 CVE-2014-1729 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This chromium version update fixes the following security and non-security issues: - Add patch chromium-fix-arm-skia-memset.patch to resolve a linking issue on ARM with regards to missing symbols. - Add patch arm_use_gold.patch to use the right gold binaries on ARM. Hopefully this resolves the build issues with running out of memory - bnc#872805: Update to Chromium 34.0.1847.116 * Responsive Images and Unprefixed Web Audio * Import supervised users onto new computers * A number of new apps/extension APIs * Lots of under the hood changes for stability and performance - Security fixes: * CVE-2014-1716: UXSS in V8 * CVE-2014-1717: OOB access in V8 * CVE-2014-1718: Integer overflow in compositor * CVE-2014-1719: Use-after-free in web workers * CVE-2014-1720: Use-after-free in DOM * CVE-2014-1721: Memory corruption in V8 * CVE-2014-1722: Use-after-free in rendering * CVE-2014-1723: Url confusion with RTL characters * CVE-2014-1724: Use-after-free in speech * CVE-2014-1725: OOB read with window property * CVE-2014-1726: Local cross-origin bypass * CVE-2014-1727: Use-after-free in forms * CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives * CVE-2014-1729: Multiple vulnerabilities in V8 - No longer build against system libraries as that Chromium works a lot better and crashes less on websites than with system libs - Added package depot_tools.tar.gz as that the chromium build now requires it during the initial build phase. It just contains some utilities and nothing from it is being installed. - If people want to install newer versions of the ffmpeg library then let them. This is what they want. - Remove the buildscript from the sources Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-330 - openSUSE 12.3: zypper in -t patch openSUSE-2014-330 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): chromedriver-34.0.1847.116-29.3 chromedriver-debuginfo-34.0.1847.116-29.3 chromium-34.0.1847.116-29.3 chromium-debuginfo-34.0.1847.116-29.3 chromium-debugsource-34.0.1847.116-29.3 chromium-desktop-gnome-34.0.1847.116-29.3 chromium-desktop-kde-34.0.1847.116-29.3 chromium-ffmpegsumo-34.0.1847.116-29.3 chromium-ffmpegsumo-debuginfo-34.0.1847.116-29.3 chromium-suid-helper-34.0.1847.116-29.3 chromium-suid-helper-debuginfo-34.0.1847.116-29.3 - openSUSE 12.3 (i586 x86_64): chromedriver-34.0.1847.116-1.37.2 chromedriver-debuginfo-34.0.1847.116-1.37.2 chromium-34.0.1847.116-1.37.2 chromium-debuginfo-34.0.1847.116-1.37.2 chromium-debugsource-34.0.1847.116-1.37.2 chromium-desktop-gnome-34.0.1847.116-1.37.2 chromium-desktop-kde-34.0.1847.116-1.37.2 chromium-ffmpegsumo-34.0.1847.116-1.37.2 chromium-ffmpegsumo-debuginfo-34.0.1847.116-1.37.2 chromium-suid-helper-34.0.1847.116-1.37.2 chromium-suid-helper-debuginfo-34.0.1847.116-1.37.2 References: http://support.novell.com/security/cve/CVE-2014-1716.html http://support.novell.com/security/cve/CVE-2014-1717.html http://support.novell.com/security/cve/CVE-2014-1718.html http://support.novell.com/security/cve/CVE-2014-1719.html http://support.novell.com/security/cve/CVE-2014-1720.html http://support.novell.com/security/cve/CVE-2014-1721.html http://support.novell.com/security/cve/CVE-2014-1722.html http://support.novell.com/security/cve/CVE-2014-1723.html http://support.novell.com/security/cve/CVE-2014-1724.html http://support.novell.com/security/cve/CVE-2014-1725.html http://support.novell.com/security/cve/CVE-2014-1726.html http://support.novell.com/security/cve/CVE-2014-1727.html http://support.novell.com/security/cve/CVE-2014-1728.html http://support.novell.com/security/cve/CVE-2014-1729.html https://bugzilla.novell.com/872805
participants (1)
-
opensuse-security@opensuse.org