openSUSE Security Update: update for chromium, v8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0374-1
Rating:             important
References:         #750407 #751466 #751738 
Cross-References:   CVE-2011-3031 CVE-2011-3032 CVE-2011-3033
                    CVE-2011-3034 CVE-2011-3035 CVE-2011-3036
                    CVE-2011-3037 CVE-2011-3038 CVE-2011-3039
                    CVE-2011-3040 CVE-2011-3041 CVE-2011-3042
                    CVE-2011-3043 CVE-2011-3044 CVE-2011-3046
                    CVE-2011-3047
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   Changes in chromium:
   - Update to 19.0.1066
   * Fixed Chrome install/update resets Google search
   preferences  (Issue: 105390)
   * Don't trigger accelerated compositing on 3D CSS when
   using  swiftshader (Issue: 116401)
   * Fixed a GPU crash (Issue: 116096)
   * More fixes for Back button frequently hangs (Issue:
   93427)
   * Bastion now works (Issue: 116285)
   * Fixed Composited layer sorting irregularity with
   accelerated canvas (Issue: 102943)
   * Fixed Composited layer sorting irregularity with
   accelerated  canvas (Issue: 102943)
   * Fixed Google Feedback causes render process to use too
   much  memory (Issue: 114489)
   * Fixed after upgrade, some pages are rendered as blank
   (Issue: 109888)
   * Fixed Pasting text into a single-line text field
   shouldn't  keep literal newlines (Issue: 106551)
   - Security Fixes:
   * Critical CVE-2011-3047: Errant plug-in load and GPU
   process  memory corruption
   * Critical CVE-2011-3046: UXSS and bad history navigation.

   - Update to 19.0.1060
   * Fixed NTP signed in state is missing (Issue: 112676)
   * Fixed gmail seems to redraw itself (all white)
   occasionally  (Issue: 111263)
   * Focus "OK" button on Javascript dialogs (Issue: 111015)
   * Fixed Back button frequently hangs (Issue: 93427)
   * Increase the buffer size to fix muted playback rate
   (Issue: 108239)
   * Fixed Empty span with line-height renders with non-zero
   height (Issue: 109811)
   * Marked the Certum Trusted Network CA as an issuer of
   extended-validation (EV) certificates.
   * Fixed importing of bookmarks, history, etc. from
   Firefox 10+.
   * Fixed issues - 114001, 110785, 114168, 114598, 111663,
   113636,  112676
   * Fixed several crashes (Issues: 111376, 108688, 114391)
   * Fixed Firefox browser in Import Bookmarks and Settings
   drop-down (Issue: 114476)
   * Sync: Sessions aren't associating pre-existing tabs
   (Issue: 113319)
   * Fixed All "Extensions" make an entry under the "NTP
   Apps" page (Issue: 113672)
   - Security Fixes (bnc#750407):
   *  High CVE-2011-3031: Use-after-free in v8 element
   wrapper.
   *  High CVE-2011-3032: Use-after-free in SVG value
   handling.
   *  High CVE-2011-3033: Buffer overflow in the Skia
   drawing library.
   *  High CVE-2011-3034: Use-after-free in SVG document
   handling.
   *  High CVE-2011-3035: Use-after-free in SVG use handling.
   *  High CVE-2011-3036: Bad cast in line box handling.
   *  High CVE-2011-3037: Bad casts in anonymous block
   splitting.
   *  High CVE-2011-3038: Use-after-free in multi-column
   handling.
   *  High CVE-2011-3039: Use-after-free in quote handling.
   *  High CVE-2011-3040: Out-of-bounds read in text
   handling.
   *  High CVE-2011-3041: Use-after-free in class attribute
   handling.
   *  High CVE-2011-3042: Use-after-free in table section
   handling.
   *  High CVE-2011-3043: Use-after-free in flexbox with
   floats.
   *  High CVE-2011-3044: Use-after-free with SVG animation
   elements.

   Changes in v8:
   - Update to 3.9.13.0
   * Add code kind check before preparing for OSR. (issue
   1900, 115073)
   * Pass zone explicitly to zone-allocation on x64 and ARM.
   (issue 1802)
   * Port string construct stub to x64. (issue 849)
   * Performance and stability improvements on all platforms.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-165

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      chromium-19.0.1066.0-1.11.2
      chromium-debuginfo-19.0.1066.0-1.11.2
      chromium-debugsource-19.0.1066.0-1.11.2
      chromium-desktop-gnome-19.0.1066.0-1.11.2
      chromium-desktop-kde-19.0.1066.0-1.11.2
      chromium-suid-helper-19.0.1066.0-1.11.2
      chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2
      libv8-3-3.9.13.0-1.15.1
      libv8-3-debuginfo-3.9.13.0-1.15.1
      v8-debugsource-3.9.13.0-1.15.1
      v8-devel-3.9.13.0-1.15.1
      v8-private-headers-devel-3.9.13.0-1.15.1


References:

   https://www.suse.com/security/cve/CVE-2011-3031.html
   https://www.suse.com/security/cve/CVE-2011-3032.html
   https://www.suse.com/security/cve/CVE-2011-3033.html
   https://www.suse.com/security/cve/CVE-2011-3034.html
   https://www.suse.com/security/cve/CVE-2011-3035.html
   https://www.suse.com/security/cve/CVE-2011-3036.html
   https://www.suse.com/security/cve/CVE-2011-3037.html
   https://www.suse.com/security/cve/CVE-2011-3038.html
   https://www.suse.com/security/cve/CVE-2011-3039.html
   https://www.suse.com/security/cve/CVE-2011-3040.html
   https://www.suse.com/security/cve/CVE-2011-3041.html
   https://www.suse.com/security/cve/CVE-2011-3042.html
   https://www.suse.com/security/cve/CVE-2011-3043.html
   https://www.suse.com/security/cve/CVE-2011-3044.html
   https://www.suse.com/security/cve/CVE-2011-3046.html
   https://www.suse.com/security/cve/CVE-2011-3047.html
   https://bugzilla.novell.com/750407
   https://bugzilla.novell.com/751466
   https://bugzilla.novell.com/751738

openSUSE: 2012:0374-1: important: chromium, v8

March 16, 2012
An update that fixes 16 vulnerabilities is now available

Description

Changes in chromium: - Update to 19.0.1066 * Fixed Chrome install/update resets Google search preferences (Issue: 105390) * Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401) * Fixed a GPU crash (Issue: 116096) * More fixes for Back button frequently hangs (Issue: 93427) * Bastion now works (Issue: 116285) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Google Feedback causes render process to use too much memory (Issue: 114489) * Fixed after upgrade, some pages are rendered as blank (Issue: 109888) * Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551) - Security Fixes: * Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption * Critical CVE-2011-3046: UXSS and bad history navigation. - Update to 19.0.1060 * Fixed NTP signed in state is missing (Issue: 112676) * Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263) * Focus "OK" button on Javascript dialogs (Issue: 111015) * Fixed Back button frequently hangs (Issue: 93427) * Increase the buffer size to fix muted playback rate (Issue: 108239) * Fixed Empty span with line-height renders with non-zero height (Issue: 109811) * Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates. * Fixed importing of bookmarks, history, etc. from Firefox 10+. * Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676 * Fixed several crashes (Issues: 111376, 108688, 114391) * Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476) * Sync: Sessions aren't associating pre-existing tabs (Issue: 113319) * Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672) - Security Fixes (bnc#750407): * High CVE-2011-3031: Use-after-free in v8 element wrapper. * High CVE-2011-3032: Use-after-free in SVG value handling. * High CVE-2011-3033: Buffer overflow in the Skia drawing library. * High CVE-2011-3034: Use-after-free in SVG document handling. * High CVE-2011-3035: Use-after-free in SVG use handling. * High CVE-2011-3036: Bad cast in line box handling. * High CVE-2011-3037: Bad casts in anonymous block splitting. * High CVE-2011-3038: Use-after-free in multi-column handling. * High CVE-2011-3039: Use-after-free in quote handling. * High CVE-2011-3040: Out-of-bounds read in text handling. * High CVE-2011-3041: Use-after-free in class attribute handling. * High CVE-2011-3042: Use-after-free in table section handling. * High CVE-2011-3043: Use-after-free in flexbox with floats. * High CVE-2011-3044: Use-after-free with SVG animation elements. Changes in v8: - Update to 3.9.13.0 * Add code kind check before preparing for OSR. (issue 1900, 115073) * Pass zone explicitly to zone-allocation on x64 and ARM. (issue 1802) * Port string construct stub to x64. (issue 849) * Performance and stability improvements on all platforms.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-165 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 12.1 (i586 x86_64): chromium-19.0.1066.0-1.11.2 chromium-debuginfo-19.0.1066.0-1.11.2 chromium-debugsource-19.0.1066.0-1.11.2 chromium-desktop-gnome-19.0.1066.0-1.11.2 chromium-desktop-kde-19.0.1066.0-1.11.2 chromium-suid-helper-19.0.1066.0-1.11.2 chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2 libv8-3-3.9.13.0-1.15.1 libv8-3-debuginfo-3.9.13.0-1.15.1 v8-debugsource-3.9.13.0-1.15.1 v8-devel-3.9.13.0-1.15.1 v8-private-headers-devel-3.9.13.0-1.15.1


References

https://www.suse.com/security/cve/CVE-2011-3031.html https://www.suse.com/security/cve/CVE-2011-3032.html https://www.suse.com/security/cve/CVE-2011-3033.html https://www.suse.com/security/cve/CVE-2011-3034.html https://www.suse.com/security/cve/CVE-2011-3035.html https://www.suse.com/security/cve/CVE-2011-3036.html https://www.suse.com/security/cve/CVE-2011-3037.html https://www.suse.com/security/cve/CVE-2011-3038.html https://www.suse.com/security/cve/CVE-2011-3039.html https://www.suse.com/security/cve/CVE-2011-3040.html https://www.suse.com/security/cve/CVE-2011-3041.html https://www.suse.com/security/cve/CVE-2011-3042.html https://www.suse.com/security/cve/CVE-2011-3043.html https://www.suse.com/security/cve/CVE-2011-3044.html https://www.suse.com/security/cve/CVE-2011-3046.html https://www.suse.com/security/cve/CVE-2011-3047.html https://bugzilla.novell.com/750407 https://bugzilla.novell.com/751466 https://bugzilla.novell.com/751738


Severity
Announcement ID: openSUSE-SU-2012:0374-1
Rating: important
Affected Products: openSUSE 12.1 .

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved