openSUSE Security Update: update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1682-1 Rating: moderate References: #794075 Cross-References: CVE-2012-5139 CVE-2012-5140 CVE-2012-5141 CVE-2012-5142 CVE-2012-5143 CVE-2012-5144 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: - Update to 25.0.1362 * Security fixes (bnc#794075): - CVE-2012-5139: Use-after-free with visibility events - CVE-2012-5140: Use-after-free in URL loader - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers - CVE-2012-5144: Stack corruption in AAC decoding * Fixed garbled header and footer text in print preview. [Issue: 152893] * Fixed extension action badges with long text. [Issue: 160069] * Disable find if constrained window is shown. [Issue: 156969] * Enable fullscreen for apps windows. [Issue: 161246] * Fixed broken profile with system-wide installation and UserDataDir & DiskCacheDir policy. [Issue: 161336] * Fixed stability crashes like 158747, 159437, 149139, 160914, 160401, 161858, 158747, 156878 * Fixed graphical corruption in Dust. [Issue: 155258] * Fixed scrolling issue. [Issue: 163553] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-867 - openSUSE 12.1: zypper in -t patch openSUSE-2012-867 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): chromedriver-25.0.1362.0-1.27.2 chromedriver-debuginfo-25.0.1362.0-1.27.2 chromium-25.0.1362.0-1.27.2 chromium-debuginfo-25.0.1362.0-1.27.2 chromium-debugsource-25.0.1362.0-1.27.2 chromium-desktop-gnome-25.0.1362.0-1.27.2 chromium-desktop-kde-25.0.1362.0-1.27.2 chromium-ffmpegsumo-25.0.1362.0-1.27.2 chromium-ffmpegsumo-debuginfo-25.0.1362.0-1.27.2 chromium-suid-helper-25.0.1362.0-1.27.2 chromium-suid-helper-debuginfo-25.0.1362.0-1.27.2 - openSUSE 12.1 (i586 x86_64): chromedriver-25.0.1362.0-1.47.1 chromedriver-debuginfo-25.0.1362.0-1.47.1 chromium-25.0.1362.0-1.47.1 chromium-debuginfo-25.0.1362.0-1.47.1 chromium-debugsource-25.0.1362.0-1.47.1 chromium-desktop-gnome-25.0.1362.0-1.47.1 chromium-desktop-kde-25.0.1362.0-1.47.1 chromium-ffmpegsumo-25.0.1362.0-1.47.1 chromium-ffmpegsumo-debuginfo-25.0.1362.0-1.47.1 chromium-suid-helper-25.0.1362.0-1.47.1 chromium-suid-helper-debuginfo-25.0.1362.0-1.47.1 References: http://support.novell.com/security/cve/CVE-2012-5139.html http://support.novell.com/security/cve/CVE-2012-5140.html http://support.novell.com/security/cve/CVE-2012-5141.html http://support.novell.com/security/cve/CVE-2012-5142.html http://support.novell.com/security/cve/CVE-2012-5143.html http://support.novell.com/security/cve/CVE-2012-5144.html https://bugzilla.novell.com/794075