Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE 12.1/12.2 Security Advisory: Important Chromium Patch

opensuse
Calendar Grey September 19, 2012
Dist Opensuse Esm H88
openSUSE Patch Release targets 7 vulnerabilities in firefox version 93.0.1 to improve overall security and reliability.
An update that fixes 8 vulnerabilities is now available

Description

Chromium was updated to 21.0.1180.88 to fix various bugs

and security issues. Security fixes and rewards:

Please see the Chromium security

pagefor more detail. Note that the referenced bugs

may be kept private until a majority of our users are up to

date with the fix.

- [$500]

[121347] Medium CVE-2012-2865: Out-of-bounds read in line

breaking. Credit to miaubiz.

- [$1000]

[134897] High CVE-2012-2866: Bad cast with run-ins. Credit

to miaubiz.

- [135485

] Low CVE-2012-2867: Browser crash with SPDY.

- [$500]

[136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz.

- [137778

] High CVE-2012-2869: Avoid stale buffer in URL loading.

Credit to Fermin Serna of the Google Security Team.

- [138672

] [ 140368

] LowCVE-2012-2870: Lower severity memory management issues

in XPath. Credit to Nicolas Gregoire.

- [$1000]

[138673] High CVE-2012-2871: Bad cast in XSL transforms.

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-619

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-619

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.2 (i586 x86_64):

chromedriver-23.0.1255.0-1.14.1

chromedriver-debuginfo-23.0.1255.0-1.14.1

chromium-23.0.1255.0-1.14.1

chromium-debuginfo-23.0.1255.0-1.14.1

chromium-debugsource-23.0.1255.0-1.14.1

chromium-desktop-gnome-23.0.1255.0-1.14.1

chromium-desktop-kde-23.0.1255.0-1.14.1

chromium-suid-helper-23.0.1255.0-1.14.1

chromium-suid-helper-debuginfo-23.0.1255.0-1.14.1

- openSUSE 12.1 (i586 x86_64):

chromedriver-23.0.1255.0-1.34.1

chromedriver-debuginfo-23.0.1255.0-1.34.1

chromium-23.0.1255.0-1.34.1

chromium-debuginfo-23.0.1255.0-1.34.1

chromium-debugsource-23.0.1255.0-1.34.1

chromium-desktop-gnome-23.0.1255.0-1.34.1

chromium-desktop-kde-23.0.1255.0-1.34.1

chromium-suid-helper-23.0.1255.0-1.34.1

chromium-suid-helper-debuginfo-23.0.1255.0-1.34.1

References

https://www.suse.com/security/cve/CVE-2012-2865.html

https://www.suse.com/security/cve/CVE-2012-2866.html

https://www.suse.com/security/cve/CVE-2012-2867.html

https://www.suse.com/security/cve/CVE-2012-2868.html

https://www.suse.com/security/cve/CVE-2012-2869.html

https://www.suse.com/security/cve/CVE-2012-2870.html

https://www.suse.com/security/cve/CVE-2012-2871.html

https://www.suse.com/security/cve/CVE-2012-2872.html

https://login.microfocus.com/nidp/app/login?sid=0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2012:1215-1
Rating: important
Affected Products: openSUSE 12.2 openSUSE 12.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.