   openSUSE Security Update: update for chromium, v8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0813-1
Rating:             moderate
References:         #769181
Cross-References:   CVE-2012-2807 CVE-2012-2815 CVE-2012-2816
                    CVE-2012-2817 CVE-2012-2818 CVE-2012-2819
                    CVE-2012-2820 CVE-2012-2821 CVE-2012-2823
                    CVE-2012-2825 CVE-2012-2826 CVE-2012-2829
                    CVE-2012-2830 CVE-2012-2831 CVE-2012-2834
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   - Update Chromium to 22.0.1190
     * Security Fixes (bnc#769181):
     * CVE-2012-2815: Leak of iframe fragment id
     * CVE-2012-2816: Prevent sandboxed processes interfering
       with each other
     * CVE-2012-2817: Use-after-free in table section handling
     * CVE-2012-2818: Use-after-free in counter layout
     * CVE-2012-2819: Crash in texture handling
     * CVE-2012-2820: Out-of-bounds read in SVG filter handling
     * CVE-2012-2821: Autofill display problem
     * CVE-2012-2823: Use-after-free in SVG resource handling
     * CVE-2012-2826: Out-of-bounds read in texture conversion
     * CVE-2012-2829: Use-after-free in first-letter handling
     * CVE-2012-2830: Wild pointer in array value setting
     * CVE-2012-2831: Use-after-free in SVG reference handling
     * CVE-2012-2834: Integer overflow in Matroska container
     * CVE-2012-2825: Wild read in XSL handling
     * CVE-2012-2807: Integer overflows in libxml
     * Fix update-alternatives within the spec-file

   - Update v8 to 3.12.5.0
     * Fixed Chromium issues: 115100, 129628, 131994, 132727,
       132741, 132742, 133211
     * Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134,
       2156, 2166, 2172, 2177, 2179, 2185
     * Added --extra-code flag to mksnapshot to load JS code
       into the VM before creating the snapshot.
     * Support 'restart call frame' command in the debugger.
     * Fixed lazy sweeping heuristics to prevent old-space
       expansion. (issue 2194)
     * Fixed sharing of literal boilerplates for optimized
       code. (issue 2193)
     * Removed -fomit-frame-pointer flag from Release builds to
       make the stack walkable by TCMalloc (Chromium issue
       133723).
     * Expose more detailed memory statistics (issue 2201).
     * Fixed Harmony Maps and WeakMaps for undefined values
       (Chromium issue 132744).

   - Update v8 to 3.11.10.6
     * Implemented heap profiler memory usage reporting.
     * Preserved error message during finally block in
       try..finally. (Chromium issue 129171)
     * Fixed EnsureCanContainElements to properly handle double
       values. (issue 2170)
     * Improved heuristics to keep objects in fast mode with
       inherited constructors.
     * Performance and stability improvements on all platforms.
     * Implemented ES5-conformant semantics for inherited
       setters and read-only properties. Currently behind
       --es5_readonly flag, because it breaks WebKit bindings.
     * Exposed last seen heap object id via v8 public api.

   - Update v8 to 3.11.8.0
     * Avoid overdeep recursion in regexp where a guarded
       expression with a minimum repetition count is inside
       another quantifier. (Chromium issue 129926)
     * Fixed missing write barrier in store field stub. (issues
       2143, 1465, Chromium issue 129355)
     * Proxies: Fixed receiver for setters inherited from
       proxies.
     * Proxies: Fixed ToStringArray function so that it does
       not reject some keys. (issue 1543)

   - Update v8 to 3.11.7.0
     * Get better function names in stack traces.
     * Fixed RegExp.prototype.toString for incompatible
       receivers (issue 1981).
     * Some cleanup to common.gypi. This fixes some host/target
       combinations that weren't working in the Make build on
       Mac.
     * Handle EINTR in socket functions and continue incomplete
       sends. (issue 2098)
     * Fixed python deprecations. (issue 1391)
     * Made socket send and receive more robust and return 0 on
       failure. (Chromium issue 15719)
     * Fixed GCC 4.7 (C++11) compilation. (issue 2136)
     * Set '-m32' option for host and target platforms
     * Performance and stability improvements on all platforms.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-355

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      chromedriver-22.0.1190.0-1.26.2
      chromedriver-debuginfo-22.0.1190.0-1.26.2
      chromium-22.0.1190.0-1.26.2
      chromium-debuginfo-22.0.1190.0-1.26.2
      chromium-debugsource-22.0.1190.0-1.26.2
      chromium-desktop-gnome-22.0.1190.0-1.26.2
      chromium-desktop-kde-22.0.1190.0-1.26.2
      chromium-suid-helper-22.0.1190.0-1.26.2
      chromium-suid-helper-debuginfo-22.0.1190.0-1.26.2
      libv8-3-3.12.5.0-1.30.1
      libv8-3-debuginfo-3.12.5.0-1.30.1
      v8-debugsource-3.12.5.0-1.30.1
      v8-devel-3.12.5.0-1.30.1
      v8-private-headers-devel-3.12.5.0-1.30.1


References:

   http://support.novell.com/security/cve/CVE-2012-2807.html
   http://support.novell.com/security/cve/CVE-2012-2815.html
   http://support.novell.com/security/cve/CVE-2012-2816.html
   http://support.novell.com/security/cve/CVE-2012-2817.html
   http://support.novell.com/security/cve/CVE-2012-2818.html
   http://support.novell.com/security/cve/CVE-2012-2819.html
   http://support.novell.com/security/cve/CVE-2012-2820.html
   http://support.novell.com/security/cve/CVE-2012-2821.html
   http://support.novell.com/security/cve/CVE-2012-2823.html
   http://support.novell.com/security/cve/CVE-2012-2825.html
   http://support.novell.com/security/cve/CVE-2012-2826.html
   http://support.novell.com/security/cve/CVE-2012-2829.html
   http://support.novell.com/security/cve/CVE-2012-2830.html
   http://support.novell.com/security/cve/CVE-2012-2831.html
   http://support.novell.com/security/cve/CVE-2012-2834.html
   https://bugzilla.novell.com/769181