openSUSE Security Update: chromium to 32.0.1700.102
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0243-1
Rating: important
References: #861013
Cross-References: CVE-2013-6641 CVE-2013-6643 CVE-2013-6644
CVE-2013-6645 CVE-2013-6646 CVE-2013-6649
CVE-2013-6650
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
Chromium was updated to version 32.0.1700.102: Stable
channel update:
– Security Fixes:
* CVE-2013-6649: Use-after-free in SVG images
* CVE-2013-6650: Memory corruption in V8
* and 12 other fixes
– Other:
* Mouse Pointer disappears after exiting full-screen
mode
* Drag and drop files into Chromium may not work
properly
* Quicktime Plugin crashes in Chromium
* Chromium becomes unresponsive
* Trackpad users may not be able to scroll horizontally
* Scrolling does not work in combo box
* Chromium does not work with all CSS minifiers such
as whitespace around a media query’s `and` keyword
– Update to Chromium 32.0.1700.77 Stable channel update:
– Security fixes:
* CVE-2013-6646: Use-after-free in web workers
* CVE-2013-6641: Use-after-free related to forms
* CVE-2013-6643: Unprompted sync with an attacker’s
Google account
* CVE-2013-6645: Use-after-free related to speech
input elements
* CVE-2013-6644: Various fixes from internal audits,
fuzzing and other initiatives
– Other:
* Tab indicators for sound, webcam and casting
* Automatically blocking malware files
* Lots of under the hood changes for stability and
performance
– Remove patch chromium-fix-chromedriver-build.diff as
that chromedriver is fixed upstream
– Updated ExcludeArch to exclude aarch64, ppc, ppc64 and
ppc64le. This is based on missing build requires
(valgrind, v8, etc)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE 13.1:
zypper in -t patch openSUSE-2014-135
– openSUSE 12.3:
zypper in -t patch openSUSE-2014-135
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE 13.1 (i586 x86_64):
chromedriver-32.0.1700.102-17.2
chromedriver-debuginfo-32.0.1700.102-17.2
chromium-32.0.1700.102-17.2
chromium-debuginfo-32.0.1700.102-17.2
chromium-debugsource-32.0.1700.102-17.2
chromium-desktop-gnome-32.0.1700.102-17.2
chromium-desktop-kde-32.0.1700.102-17.2
chromium-ffmpegsumo-32.0.1700.102-17.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-17.2
chromium-suid-helper-32.0.1700.102-17.2
chromium-suid-helper-debuginfo-32.0.1700.102-17.2
– openSUSE 12.3 (i586 x86_64):
chromedriver-32.0.1700.102-1.25.2
chromedriver-debuginfo-32.0.1700.102-1.25.2
chromium-32.0.1700.102-1.25.2
chromium-debuginfo-32.0.1700.102-1.25.2
chromium-debugsource-32.0.1700.102-1.25.2
chromium-desktop-gnome-32.0.1700.102-1.25.2
chromium-desktop-kde-32.0.1700.102-1.25.2
chromium-ffmpegsumo-32.0.1700.102-1.25.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-1.25.2
chromium-suid-helper-32.0.1700.102-1.25.2
chromium-suid-helper-debuginfo-32.0.1700.102-1.25.2
References:
http://support.novell.com/security/cve/CVE-2013-6641.html
http://support.novell.com/security/cve/CVE-2013-6643.html
http://support.novell.com/security/cve/CVE-2013-6644.html
http://support.novell.com/security/cve/CVE-2013-6645.html
http://support.novell.com/security/cve/CVE-2013-6646.html
http://support.novell.com/security/cve/CVE-2013-6649.html
http://support.novell.com/security/cve/CVE-2013-6650.html
https://bugzilla.novell.com/861013
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org