openSUSE 13.2: 2014:1626-1 Important Advisory for Chromium Buffer Overflow
opensuse
December 12, 2014
An update that fixes 13 vulnerabilities is now available
Description
chromium was updated to version 39.0.2171.65 to fix 13 security issues.
These security issues were fixed:
- Use-after-free in pepper plugins (CVE-2014-7906).
- Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google
Chromebefore 39.0.2171.65, al... (CVE-2014-7903).
- Uninitialized memory read in Skia (CVE-2014-7909).
- Unspecified security issues (CVE-2014-7910).
- Integer overflow in media (CVE-2014-7908).
- Integer overflow in the opj_t2_read_packet_data function
infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901).
- Use-after-free in blink (CVE-2014-7907).
- Address bar spoofing (CVE-2014-7899).
- Buffer overflow in Skia (CVE-2014-7904).
- Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).
- Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).
- Flaw allowing navigation to intents that do not have the BROWSABLE
category (CVE-2014-7905).
- Double-free in Flash...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-764
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-764
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 (i586 x86_64):
chromedriver-39.0.2171.65-4.4
chromedriver-debuginfo-39.0.2171.65-4.4
chromium-39.0.2171.65-4.4
chromium-debuginfo-39.0.2171.65-4.4
chromium-debugsource-39.0.2171.65-4.4
chromium-desktop-gnome-39.0.2171.65-4.4
chromium-desktop-kde-39.0.2171.65-4.4
chromium-ffmpegsumo-39.0.2171.65-4.4
chromium-ffmpegsumo-debuginfo-39.0.2171.65-4.4
- openSUSE 13.1 (i586 x86_64):
chromedriver-39.0.2171.65-58.4
chromedriver-debuginfo-39.0.2171.65-58.4
chromium-39.0.2171.65-58.4
chromium-debuginfo-39.0.2171.65-58.4
chromium-debugsource-39.0.2171.65-58.4
chromium-desktop-gnome-39.0.2171.65-58.4
chromium-desktop-kde-39.0.2171.65-58.4
chromium-ffmpegsumo-39.0.2171.65-58.4
chromium-ffmpegsumo-debuginfo-39.0.2171.65-58.4
References
https://www.suse.com/security/cve/CVE-2014-0574.html
https://www.suse.com/security/cve/CVE-2014-7899.html
https://www.suse.com/security/cve/CVE-2014-7900.html
https://www.suse.com/security/cve/CVE-2014-7901.html
https://www.suse.com/security/cve/CVE-2014-7902.html
https://www.suse.com/security/cve/CVE-2014-7903.html
https://www.suse.com/security/cve/CVE-2014-7904.html
https://www.suse.com/security/cve/CVE-2014-7905.html
https://www.suse.com/security/cve/CVE-2014-7906.html
https://www.suse.com/security/cve/CVE-2014-7907.html
https://www.suse.com/security/cve/CVE-2014-7908.html
https://www.suse.com/security/cve/CVE-2014-7909.html
https://www.suse.com/security/cve/CVE-2014-7910.html
https://bugzilla.suse.com/show_bug.cgi?id=906317
https://bugzilla.suse.com/show_bug.cgi?id=906318
https://bugzilla.suse.com/show_bug.cgi?id=906319
https://bugzilla.suse.com/show_bug.cgi?id=906320
https://bugzilla.suse.com/show_bug.cgi?id=906321
https://bugzilla.suse.com/show_bug.cgi?id=906322
https://bugzilla.suse.com/show_bug.c...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2014:1626-1
Rating: important
Affected Products:
openSUSE 13.2
openSUSE 13.1
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!