Mailinglist Archive: opensuse-updates (114 mails)

openSUSE-SU-2014:1378-1: moderate: update for chromium
openSUSE Security Update: update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1378-1
Rating:             moderate
References:         #896106
Cross-References:   CVE-2014-3178 CVE-2014-3188 CVE-2014-3189
                    CVE-2014-3190 CVE-2014-3191 CVE-2014-3192
                    CVE-2014-3193 CVE-2014-3194 CVE-2014-3195
                    CVE-2014-3196 CVE-2014-3197 CVE-2014-3198
                    CVE-2014-3199 CVE-2014-3200
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

An update that fixes 14 vulnerabilities is now available.

Description:


- Update to Chromium 38.0.2125.101. This update includes 159 security
fixes, including 113 relatively minor fixes. Highlighted security fixes
are:
* CVE-2014-3188: A combination of V8 and IPC bugs that can lead to
remote code execution outside of the sandbox
* CVE-2014-3189: Out-of-bounds read in PDFium
* CVE-2014-3190: Use-after-free in Events
* CVE-2014-3191: Use-after-free in Rendering
* CVE-2014-3192: Use-after-free in DOM
* CVE-2014-3193: Type confusion in Session Management
* CVE-2014-3194: Use-after-free in Web Workers
* CVE-2014-3195: Information Leak in V8
* CVE-2014-3196: Permissions bypass in Windows Sandbox
* CVE-2014-3197: Information Leak in XSS Auditor
* CVE-2014-3198: Out-of-bounds read in PDFium
* CVE-2014-3199: Release Assert in V8 bindings
* CVE-2014-3200: Various fixes from internal audits, fuzzing and
other initiatives
- Drop the build of the Native Client. This is not actually a build,
since prebuilt binaries are being shipped. Also, Google no longer
provides prebuilt binaries of Native Client for 32-bit. Chromium as a
web browser is not affected by this, and it brings Chromium in line with
the regulations that prebuilt binaries should not be shipped.
* toolchaing_linux tarball dropped
* Spec-file cleaned for NaCl stuff
- Added patch no-clang-on-packman.diff to prevent the usage of clang on
packman, which is not supported there


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-634

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

chromedriver-38.0.2125.104-54.4
chromedriver-debuginfo-38.0.2125.104-54.4
chromium-38.0.2125.104-54.4
chromium-debuginfo-38.0.2125.104-54.4
chromium-debugsource-38.0.2125.104-54.4
chromium-desktop-gnome-38.0.2125.104-54.4
chromium-desktop-kde-38.0.2125.104-54.4
chromium-ffmpegsumo-38.0.2125.104-54.4
chromium-ffmpegsumo-debuginfo-38.0.2125.104-54.4


References:

http://support.novell.com/security/cve/CVE-2014-3178.html
http://support.novell.com/security/cve/CVE-2014-3188.html
http://support.novell.com/security/cve/CVE-2014-3189.html
http://support.novell.com/security/cve/CVE-2014-3190.html
http://support.novell.com/security/cve/CVE-2014-3191.html
http://support.novell.com/security/cve/CVE-2014-3192.html
http://support.novell.com/security/cve/CVE-2014-3193.html
http://support.novell.com/security/cve/CVE-2014-3194.html
http://support.novell.com/security/cve/CVE-2014-3195.html
http://support.novell.com/security/cve/CVE-2014-3196.html
http://support.novell.com/security/cve/CVE-2014-3197.html
http://support.novell.com/security/cve/CVE-2014-3198.html
http://support.novell.com/security/cve/CVE-2014-3199.html
http://support.novell.com/security/cve/CVE-2014-3200.html
https://bugzilla.suse.com/show_bug.cgi?id=896106

