Mailinglist Archive: opensuse-updates (56 mails)

openSUSE-SU-2012:0813-1: moderate: update for chromium, v8
openSUSE Security Update: update for chromium, v8
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0813-1
Rating: moderate
References: #769181
Cross-References: CVE-2012-2807 CVE-2012-2815 CVE-2012-2816
                  CVE-2012-2817 CVE-2012-2818 CVE-2012-2819
                  CVE-2012-2820 CVE-2012-2821 CVE-2012-2823
                  CVE-2012-2825 CVE-2012-2826 CVE-2012-2829
                  CVE-2012-2830 CVE-2012-2831 CVE-2012-2834

Affected Products:
openSUSE 12.1
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:


- Update Chromium to 22.0.1190
  * Security Fixes (bnc#769181):
    * CVE-2012-2815: Leak of iframe fragment id
    * CVE-2012-2816: Prevent sandboxed processes interfering with each other
    * CVE-2012-2817: Use-after-free in table section handling
    * CVE-2012-2818: Use-after-free in counter layout
    * CVE-2012-2819: Crash in texture handling
    * CVE-2012-2820: Out-of-bounds read in SVG filter handling
    * CVE-2012-2821: Autofill display problem
    * CVE-2012-2823: Use-after-free in SVG resource handling
    * CVE-2012-2826: Out-of-bounds read in texture conversion
    * CVE-2012-2829: Use-after-free in first-letter handling
    * CVE-2012-2830: Wild pointer in array value setting
    * CVE-2012-2831: Use-after-free in SVG reference handling
    * CVE-2012-2834: Integer overflow in Matroska container
    * CVE-2012-2825: Wild read in XSL handling
    * CVE-2012-2807: Integer overflows in libxml
  * Fix update-alternatives within the spec-file

- Update v8 to 3.12.5.0
  * Fixed Chromium issues: 115100, 129628, 131994, 132727, 132741, 132742, 133211
  * Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134, 2156, 2166, 2172, 2177, 2179, 2185
  * Added --extra-code flag to mksnapshot to load JS code into the VM before creating the snapshot.
  * Support 'restart call frame' command in the debugger.
  * Fixed lazy sweeping heuristics to prevent old-space expansion. (issue 2194)
  * Fixed sharing of literal boilerplates for optimized code. (issue 2193)
  * Removed -fomit-frame-pointer flag from Release builds to make the stack walkable by TCMalloc (Chromium issue 133723).
  * Expose more detailed memory statistics (issue 2201).
  * Fixed Harmony Maps and WeakMaps for undefined values (Chromium issue 132744).

- Update v8 to 3.11.10.6
  * Implemented heap profiler memory usage reporting.
  * Preserved error message during finally block in try..finally. (Chromium issue 129171)
  * Fixed EnsureCanContainElements to properly handle double values. (issue 2170)
  * Improved heuristics to keep objects in fast mode with inherited constructors.
  * Performance and stability improvements on all platforms.
  * Implemented ES5-conformant semantics for inherited setters and read-only properties. Currently behind --es5_readonly flag, because it breaks WebKit bindings.
  * Exposed last seen heap object id via v8 public api.

- Update v8 to 3.11.8.0
  * Avoid overdeep recursion in regexp where a guarded expression with a minimum repetition count is inside another quantifier. (Chromium issue 129926)
  * Fixed missing write barrier in store field stub. (issues 2143, 1465, Chromium issue 129355)
  * Proxies: Fixed receiver for setters inherited from proxies.
  * Proxies: Fixed ToStringArray function so that it does not reject some keys. (issue 1543)

- Update v8 to 3.11.7.0
  * Get better function names in stack traces.
  * Fixed RegExp.prototype.toString for incompatible receivers (issue 1981).
  * Some cleanup to common.gypi. This fixes some host/target combinations that weren't working in the Make build on Mac.
  * Handle EINTR in socket functions and continue incomplete sends. (issue 2098)
  * Fixed python deprecations. (issue 1391)
  * Made socket send and receive more robust and return 0 on failure. (Chromium issue 15719)
  * Fixed GCC 4.7 (C++11) compilation. (issue 2136)
  * Set '-m32' option for host and target platforms
  * Performance and stability improvements on all platforms.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-355

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

chromedriver-22.0.1190.0-1.26.2
chromedriver-debuginfo-22.0.1190.0-1.26.2
chromium-22.0.1190.0-1.26.2
chromium-debuginfo-22.0.1190.0-1.26.2
chromium-debugsource-22.0.1190.0-1.26.2
chromium-desktop-gnome-22.0.1190.0-1.26.2
chromium-desktop-kde-22.0.1190.0-1.26.2
chromium-suid-helper-22.0.1190.0-1.26.2
chromium-suid-helper-debuginfo-22.0.1190.0-1.26.2
libv8-3-3.12.5.0-1.30.1
libv8-3-debuginfo-3.12.5.0-1.30.1
v8-debugsource-3.12.5.0-1.30.1
v8-devel-3.12.5.0-1.30.1
v8-private-headers-devel-3.12.5.0-1.30.1


References:

http://support.novell.com/security/cve/CVE-2012-2807.html
http://support.novell.com/security/cve/CVE-2012-2815.html
http://support.novell.com/security/cve/CVE-2012-2816.html
http://support.novell.com/security/cve/CVE-2012-2817.html
http://support.novell.com/security/cve/CVE-2012-2818.html
http://support.novell.com/security/cve/CVE-2012-2819.html
http://support.novell.com/security/cve/CVE-2012-2820.html
http://support.novell.com/security/cve/CVE-2012-2821.html
http://support.novell.com/security/cve/CVE-2012-2823.html
http://support.novell.com/security/cve/CVE-2012-2825.html
http://support.novell.com/security/cve/CVE-2012-2826.html
http://support.novell.com/security/cve/CVE-2012-2829.html
http://support.novell.com/security/cve/CVE-2012-2830.html
http://support.novell.com/security/cve/CVE-2012-2831.html
http://support.novell.com/security/cve/CVE-2012-2834.html
https://bugzilla.novell.com/769181

