'[security-announce] openSUSE-SU-2015:0505-1: important: Security update to Chromium 41.0.2272.76'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security-announce
Subject:    [security-announce] openSUSE-SU-2015:0505-1: important: Security update to Chromium 41.0.2272.76
From:       opensuse-security () opensuse ! org
Date:       2015-03-16 15:05:28
Message-ID: 20150316150528.F355B3238F () maintenance ! suse ! de
[Download RAW message or body]

   openSUSE Security Update: Security update to Chromium 41.0.2272.76
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0505-1
Rating:             important
References:         #920825 
Cross-References:   CVE-2015-1212 CVE-2015-1213 CVE-2015-1214
                    CVE-2015-1215 CVE-2015-1216 CVE-2015-1217
                    CVE-2015-1218 CVE-2015-1219 CVE-2015-1220
                    CVE-2015-1221 CVE-2015-1222 CVE-2015-1223
                    CVE-2015-1224 CVE-2015-1225 CVE-2015-1226
                    CVE-2015-1227 CVE-2015-1228 CVE-2015-1229
                    CVE-2015-1230 CVE-2015-1231
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   Chromium was updated to 41.0.2272.76 (bnc#920825)

   Security fixes:
   * CVE-2015-1212: Out-of-bounds write in media
   * CVE-2015-1213: Out-of-bounds write in skia filters
   * CVE-2015-1214: Out-of-bounds write in skia filters
   * CVE-2015-1215: Out-of-bounds write in skia filters
   * CVE-2015-1216: Use-after-free in v8 bindings
   * CVE-2015-1217: Type confusion in v8 bindings
   * CVE-2015-1218: Use-after-free in dom
   * CVE-2015-1219: Integer overflow in webgl
   * CVE-2015-1220: Use-after-free in gif decoder
   * CVE-2015-1221: Use-after-free in web databases
   * CVE-2015-1222: Use-after-free in service workers
   * CVE-2015-1223: Use-after-free in dom
   * CVE-2015-1230: Type confusion in v8
   * CVE-2015-1224: Out-of-bounds read in vpxdecoder
   * CVE-2015-1225: Out-of-bounds read in pdfium
   * CVE-2015-1226: Validation issue in debugger
   * CVE-2015-1227: Uninitialized value in blink
   * CVE-2015-1228: Uninitialized value in rendering
   * CVE-2015-1229: Cookie injection via proxies
   * CVE-2015-1231: Various fixes from internal audits
   * Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-228=1

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-228=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      chromedriver-41.0.2272.76-17.1
      chromedriver-debuginfo-41.0.2272.76-17.1
      chromium-41.0.2272.76-17.1
      chromium-debuginfo-41.0.2272.76-17.1
      chromium-debugsource-41.0.2272.76-17.1
      chromium-desktop-gnome-41.0.2272.76-17.1
      chromium-desktop-kde-41.0.2272.76-17.1
      chromium-ffmpegsumo-41.0.2272.76-17.1
      chromium-ffmpegsumo-debuginfo-41.0.2272.76-17.1

   - openSUSE 13.1 (i586 x86_64):

      chromedriver-41.0.2272.76-72.1
      chromedriver-debuginfo-41.0.2272.76-72.1
      chromium-41.0.2272.76-72.1
      chromium-debuginfo-41.0.2272.76-72.1
      chromium-debugsource-41.0.2272.76-72.1
      chromium-desktop-gnome-41.0.2272.76-72.1
      chromium-desktop-kde-41.0.2272.76-72.1
      chromium-ffmpegsumo-41.0.2272.76-72.1
      chromium-ffmpegsumo-debuginfo-41.0.2272.76-72.1


References:

   http://support.novell.com/security/cve/CVE-2015-1212.html
   http://support.novell.com/security/cve/CVE-2015-1213.html
   http://support.novell.com/security/cve/CVE-2015-1214.html
   http://support.novell.com/security/cve/CVE-2015-1215.html
   http://support.novell.com/security/cve/CVE-2015-1216.html
   http://support.novell.com/security/cve/CVE-2015-1217.html
   http://support.novell.com/security/cve/CVE-2015-1218.html
   http://support.novell.com/security/cve/CVE-2015-1219.html
   http://support.novell.com/security/cve/CVE-2015-1220.html
   http://support.novell.com/security/cve/CVE-2015-1221.html
   http://support.novell.com/security/cve/CVE-2015-1222.html
   http://support.novell.com/security/cve/CVE-2015-1223.html
   http://support.novell.com/security/cve/CVE-2015-1224.html
   http://support.novell.com/security/cve/CVE-2015-1225.html
   http://support.novell.com/security/cve/CVE-2015-1226.html
   http://support.novell.com/security/cve/CVE-2015-1227.html
   http://support.novell.com/security/cve/CVE-2015-1228.html
   http://support.novell.com/security/cve/CVE-2015-1229.html
   http://support.novell.com/security/cve/CVE-2015-1230.html
   http://support.novell.com/security/cve/CVE-2015-1231.html
   https://bugzilla.suse.com/920825

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic