openSUSE 13.1/12.3: 2014:1151-1 Important: Remote Code Execution

September 22, 2014
openSUSE has released a vital security patch addressing multiple vulnerabilities in Chromium. Users should quickly apply the update to maintain system safety and integrity.
An update that fixes 9 vulnerabilities is now available.

Description

Chromium was updated to 37.0.2062.94, containing security fixes (bnc#893720).

A full list of changes is available in the log:

.

0?pretty=full

This update includes 50 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.

- High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.

- High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.

- High CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.

- High CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.

- Medium CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.

- Medium CVE-2014-3173: Uninitialized...

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-550

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-550

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

chromedriver-37.0.2062.94-50.1

chromedriver-debuginfo-37.0.2062.94-50.1

chromium-37.0.2062.94-50.1

chromium-debuginfo-37.0.2062.94-50.1

chromium-debugsource-37.0.2062.94-50.1

chromium-desktop-gnome-37.0.2062.94-50.1

chromium-desktop-kde-37.0.2062.94-50.1

chromium-ffmpegsumo-37.0.2062.94-50.1

chromium-ffmpegsumo-debuginfo-37.0.2062.94-50.1

- openSUSE 12.3 (i586 x86_64):

chromedriver-37.0.2062.94-1.55.3

chromedriver-debuginfo-37.0.2062.94-1.55.3

chromium-37.0.2062.94-1.55.3

chromium-debuginfo-37.0.2062.94-1.55.3

chromium-debugsource-37.0.2062.94-1.55.3

chromium-desktop-gnome-37.0.2062.94-1.55.3

chromium-desktop-kde-37.0.2062.94-1.55.3

chromium-ffmpegsumo-37.0.2062.94-1.55.3

chromium-ffmpegsumo-debuginfo-37.0.2062.94-1.55.3
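
To confirm a host actually carries the fix, the installed chromium build can be compared with the fixed builds in the package list above. The script below is an added example, not part of the openSUSE advisory; the function names are hypothetical, the sample inputs are constructed, and it assumes GNU `sort -V` and purely numeric version strings with no epoch.

```shell
#!/bin/sh
# Fixed chromium version-release per product, copied from the package list.
fixed_evr() {
    case "$1" in
        13.1) echo "37.0.2062.94-50.1" ;;
        12.3) echo "37.0.2062.94-1.55.3" ;;
        *)    return 1 ;;
    esac
}

# ver_ge A B: true when A >= B. GNU `sort -V` compares dotted numeric fields
# numerically, so 2062.120 ranks above 2062.94 (a plain string sort would not).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# chromium_status PRODUCT INSTALLED_VERSION-RELEASE
# Prints "patched", "vulnerable" or "unknown-product".
chromium_status() {
    want=$(fixed_evr "$1") || { echo "unknown-product"; return 0; }
    have_v=${2%-*}; have_r=${2##*-}
    want_v=${want%-*}; want_r=${want##*-}
    if [ "$have_v" != "$want_v" ]; then
        # Upstream versions differ: the version alone decides.
        if ver_ge "$have_v" "$want_v"; then echo patched; else echo vulnerable; fi
    elif ver_ge "$have_r" "$want_r"; then
        # Same upstream version: the package release decides.
        echo patched
    else
        echo vulnerable
    fi
}

# On a real host the second argument would come from rpm, for example:
#   chromium_status 13.1 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' chromium)"

# Constructed sample inputs, not taken from a real system.
printf '13.1 36.0.1985.143-46.1   -> %s\n' "$(chromium_status 13.1 36.0.1985.143-46.1)"
printf '13.1 37.0.2062.94-50.1    -> %s\n' "$(chromium_status 13.1 37.0.2062.94-50.1)"
printf '12.3 37.0.2062.94-1.50.1  -> %s\n' "$(chromium_status 12.3 37.0.2062.94-1.50.1)"
printf '13.1 37.0.2062.120-4.1    -> %s\n' "$(chromium_status 13.1 37.0.2062.120-4.1)"
```
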

References

https://www.suse.com/security/cve/CVE-2014-3168.html

https://www.suse.com/security/cve/CVE-2014-3169.html

https://www.suse.com/security/cve/CVE-2014-3170.html

https://www.suse.com/security/cve/CVE-2014-3171.html

https://www.suse.com/security/cve/CVE-2014-3172.html

https://www.suse.com/security/cve/CVE-2014-3173.html

https://www.suse.com/security/cve/CVE-2014-3174.html

https://www.suse.com/security/cve/CVE-2014-3176.html

https://www.suse.com/security/cve/CVE-2014-3177.html

--

Announcement ID: openSUSE-SU-2014:1151-1
Rating: important
Affected Products: openSUSE 13.1 openSUSE 12.3
