openSUSE Security Update: Chromium to 25.0.1343 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1637-1 Rating: important References: #791234 #792154 Cross-References: CVE-2012-5130 CVE-2012-5131 CVE-2012-5132 CVE-2012-5133 CVE-2012-5134 CVE-2012-5135 CVE-2012-5136 CVE-2012-5137 CVE-2012-5138 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: Chromium was updated to 25.0.1343 * Security Fixes (bnc#791234 and bnc#792154): - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. - CVE-2012-5138: Incorrect file path handling - CVE-2012-5137: Use-after-free in media source handling - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed - Update to 25.0.1335 * {gtk} Fixed <input> selection renders white text on white background in apps. (Issue: 158422) * Fixed translate infobar button to show selected language. (Issue: 155350) * Fixed broken Arabic language. (Issue: 158978) * Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) * Fixed JavaScript rendering issue. (Issue: 159655) * No further indications in the ChangeLog * Updated V8 - 3.14.5.0 * Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. * Fixed chromium issues 155871, 154173, 155133. - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - add explicit buildrequire on libbz2-devel Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-845 - openSUSE 12.1: zypper in -t patch openSUSE-2012-845 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): chromedriver-25.0.1343.0-1.23.1 chromedriver-debuginfo-25.0.1343.0-1.23.1 chromium-25.0.1343.0-1.23.1 chromium-debuginfo-25.0.1343.0-1.23.1 chromium-debugsource-25.0.1343.0-1.23.1 chromium-desktop-gnome-25.0.1343.0-1.23.1 chromium-desktop-kde-25.0.1343.0-1.23.1 chromium-ffmpegsumo-25.0.1343.0-1.23.1 chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.23.1 chromium-suid-helper-25.0.1343.0-1.23.1 chromium-suid-helper-debuginfo-25.0.1343.0-1.23.1 - openSUSE 12.1 (i586 x86_64): chromedriver-25.0.1343.0-1.43.1 chromedriver-debuginfo-25.0.1343.0-1.43.1 chromium-25.0.1343.0-1.43.1 chromium-debuginfo-25.0.1343.0-1.43.1 chromium-debugsource-25.0.1343.0-1.43.1 chromium-desktop-gnome-25.0.1343.0-1.43.1 chromium-desktop-kde-25.0.1343.0-1.43.1 chromium-ffmpegsumo-25.0.1343.0-1.43.1 chromium-ffmpegsumo-debuginfo-25.0.1343.0-1.43.1 chromium-suid-helper-25.0.1343.0-1.43.1 chromium-suid-helper-debuginfo-25.0.1343.0-1.43.1 References: http://support.novell.com/security/cve/CVE-2012-5130.html http://support.novell.com/security/cve/CVE-2012-5131.html http://support.novell.com/security/cve/CVE-2012-5132.html http://support.novell.com/security/cve/CVE-2012-5133.html http://support.novell.com/security/cve/CVE-2012-5134.html http://support.novell.com/security/cve/CVE-2012-5135.html http://support.novell.com/security/cve/CVE-2012-5136.html http://support.novell.com/security/cve/CVE-2012-5137.html http://support.novell.com/security/cve/CVE-2012-5138.html https://bugzilla.novell.com/791234 https://bugzilla.novell.com/792154