Mailinglist Archive: opensuse-updates (174 mails)

openSUSE-SU-2015:1877-1: moderate: Security update for Chromium
openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1877-1
Rating: moderate
References: #931659 #931660 #931661 #931663 #931664 #931665
            #931666 #931667 #931668 #931669 #931670 #931671
            #931672 #931673 #931674
Cross-References: CVE-2015-1251 CVE-2015-1252 CVE-2015-1253
                  CVE-2015-1254 CVE-2015-1255 CVE-2015-1256
                  CVE-2015-1257 CVE-2015-1258 CVE-2015-1259
                  CVE-2015-1260 CVE-2015-1261 CVE-2015-1262
                  CVE-2015-1263 CVE-2015-1264 CVE-2015-1265

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

Chromium was updated to 43.0.2357.65 to fix security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2015-1251: Use-after-free in Speech (boo#931659)
- CVE-2015-1252: Sandbox escape in Chrome (boo#931671)
- CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)
- CVE-2015-1254: Cross-origin bypass in Editing (boo#931669)
- CVE-2015-1255: Use-after-free in WebAudio (boo#931674)
- CVE-2015-1256: Use-after-free in SVG (boo#931664)
- CVE-2015-1257: Container-overflow in SVG (boo#931665)
- CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666)
- CVE-2015-1259: Uninitialized value in PDFium (boo#931667)
- CVE-2015-1260: Use-after-free in WebRTC (boo#931668)
- CVE-2015-1261: URL bar spoofing (boo#931673)
- CVE-2015-1262: Uninitialized value in Blink (boo#931672)
- CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663)
- CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661)
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other
  initiatives (boo#931660)
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
  (currently 4.3.61.21)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2015-390=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

chromedriver-43.0.2357.65-8.1
chromedriver-debuginfo-43.0.2357.65-8.1
chromium-43.0.2357.65-8.1
chromium-debuginfo-43.0.2357.65-8.1
chromium-debugsource-43.0.2357.65-8.1
chromium-desktop-gnome-43.0.2357.65-8.1
chromium-desktop-kde-43.0.2357.65-8.1
chromium-ffmpegsumo-43.0.2357.65-8.1
chromium-ffmpegsumo-debuginfo-43.0.2357.65-8.1


References:

https://www.suse.com/security/cve/CVE-2015-1251.html
https://www.suse.com/security/cve/CVE-2015-1252.html
https://www.suse.com/security/cve/CVE-2015-1253.html
https://www.suse.com/security/cve/CVE-2015-1254.html
https://www.suse.com/security/cve/CVE-2015-1255.html
https://www.suse.com/security/cve/CVE-2015-1256.html
https://www.suse.com/security/cve/CVE-2015-1257.html
https://www.suse.com/security/cve/CVE-2015-1258.html
https://www.suse.com/security/cve/CVE-2015-1259.html
https://www.suse.com/security/cve/CVE-2015-1260.html
https://www.suse.com/security/cve/CVE-2015-1261.html
https://www.suse.com/security/cve/CVE-2015-1262.html
https://www.suse.com/security/cve/CVE-2015-1263.html
https://www.suse.com/security/cve/CVE-2015-1264.html
https://www.suse.com/security/cve/CVE-2015-1265.html
https://bugzilla.suse.com/931659
https://bugzilla.suse.com/931660
https://bugzilla.suse.com/931661
https://bugzilla.suse.com/931663
https://bugzilla.suse.com/931664
https://bugzilla.suse.com/931665
https://bugzilla.suse.com/931666
https://bugzilla.suse.com/931667
https://bugzilla.suse.com/931668
https://bugzilla.suse.com/931669
https://bugzilla.suse.com/931670
https://bugzilla.suse.com/931671
https://bugzilla.suse.com/931672
https://bugzilla.suse.com/931673
https://bugzilla.suse.com/931674

