openSUSE: 2012:0656-1 Important: Chromium And V8 Security Updates
opensuse
May 29, 2012
An update that fixes 18 vulnerabilities is now available
Description
Chromium update to 21.0.1145
* Fixed several issues around audio not playing with
videos
* Crash Fixes
* Improvements to trackpad on Cr-48
* Security Fixes (bnc#762481)
- CVE-2011-3083: Browser crash with video + FTP
- CVE-2011-3084: Load links from internal pages in
their own process.
- CVE-2011-3085: UI corruption with long autofilled
values
- CVE-2011-3086: Use-after-free with style element.
- CVE-2011-3087: Incorrect window navigation
- CVE-2011-3088: Out-of-bounds read in hairline drawing
- CVE-2011-3089: Use-after-free in table handling.
- CVE-2011-3090: Race condition with workers.
- CVE-2011-3091: Use-after-free with indexed DB
- CVE-2011-3092: Invalid write in v8 regex
- CVE-2011-3093: Out-of-bounds read in glyph handling
- CVE-2011-3094: Out-of-bounds read in Tibetan handling
- CVE-2011-3095: Out-of-bounds write in OGG container.
- CVE-2011-3096: Use-after-free in GTK omnibox handling.
- CVE-2011-3098: Bad...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-295
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.1 (i586 x86_64):
chromium-21.0.1145.0-1.23.1
chromium-debuginfo-21.0.1145.0-1.23.1
chromium-debugsource-21.0.1145.0-1.23.1
chromium-desktop-gnome-21.0.1145.0-1.23.1
chromium-desktop-kde-21.0.1145.0-1.23.1
chromium-suid-helper-21.0.1145.0-1.23.1
chromium-suid-helper-debuginfo-21.0.1145.0-1.23.1
libv8-3-3.11.3.0-1.27.1
libv8-3-debuginfo-3.11.3.0-1.27.1
v8-debugsource-3.11.3.0-1.27.1
v8-devel-3.11.3.0-1.27.1
v8-private-headers-devel-3.11.3.0-1.27.1
References
https://www.suse.com/security/cve/CVE-2011-3083.html
https://www.suse.com/security/cve/CVE-2011-3084.html
https://www.suse.com/security/cve/CVE-2011-3085.html
https://www.suse.com/security/cve/CVE-2011-3086.html
https://www.suse.com/security/cve/CVE-2011-3087.html
https://www.suse.com/security/cve/CVE-2011-3088.html
https://www.suse.com/security/cve/CVE-2011-3089.html
https://www.suse.com/security/cve/CVE-2011-3090.html
https://www.suse.com/security/cve/CVE-2011-3091.html
https://www.suse.com/security/cve/CVE-2011-3092.html
https://www.suse.com/security/cve/CVE-2011-3093.html
https://www.suse.com/security/cve/CVE-2011-3094.html
https://www.suse.com/security/cve/CVE-2011-3095.html
https://www.suse.com/security/cve/CVE-2011-3096.html
https://www.suse.com/security/cve/CVE-2011-3098.html
https://www.suse.com/security/cve/CVE-2011-3100.html
https://www.suse.com/security/cve/CVE-2011-3101.html
https://www.suse.com/security/cve/CVE-2011-3102.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2012:0656-1
Rating: important
Affected Products:
openSUSE 12.1
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!