Detections
Analytics

openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)

high Nessus Plugin ID 74660

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

- Update Chromium to 22.0.1190

 - Security Fixes (bnc#769181) :

 - CVE-2012-2815: Leak of iframe fragment id

 - CVE-2012-2816: Prevent sandboxed processes interfering with each other

 - CVE-2012-2817: Use-after-free in table section handling

 - CVE-2012-2818: Use-after-free in counter layout

 - CVE-2012-2819: Crash in texture handling

 - CVE-2012-2820: Out-of-bounds read in SVG filter handling

 - CVE-2012-2821: Autofill display problem

 - CVE-2012-2823: Use-after-free in SVG resource handling

 - CVE-2012-2826: Out-of-bounds read in texture conversion

 - CVE-2012-2829: Use-after-free in first-letter handling

 - CVE-2012-2830: Wild pointer in array value setting

 - CVE-2012-2831: Use-after-free in SVG reference handling

 - CVE-2012-2834: Integer overflow in Matroska container

 - CVE-2012-2825: Wild read in XSL handling

 - CVE-2012-2807: Integer overflows in libxml

 - Fix update-alternatives within the spec-file

 - Update v8 to 3.12.5.0

 - Fixed Chromium issues: 115100, 129628, 131994, 132727, 132741, 132742, 133211

 - Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134, 2156, 2166, 2172, 2177, 2179, 2185

 - Added --extra-code flag to mksnapshot to load JS code into the VM before creating the snapshot.

 - Support 'restart call frame' command in the debugger.

 - Fixed lazy sweeping heuristics to prevent old-space expansion. (issue 2194)

 - Fixed sharing of literal boilerplates for optimized code. (issue 2193)

 - Removed -fomit-frame-pointer flag from Release builds to make the stack walkable by TCMalloc (Chromium issue 133723).

 - Expose more detailed memory statistics (issue 2201).

 - Fixed Harmony Maps and WeakMaps for undefined values (Chromium issue 132744).

 - Update v8 to 3.11.10.6

 - Implemented heap profiler memory usage reporting.

 - Preserved error message during finally block in try..finally. (Chromium issue 129171)

 - Fixed EnsureCanContainElements to properly handle double values. (issue 2170)

 - Improved heuristics to keep objects in fast mode with inherited constructors.

 - Performance and stability improvements on all platforms.

 - Implemented ES5-conformant semantics for inherited setters and read-only properties. Currently behind
 --es5_readonly flag, because it breaks WebKit bindings.

 - Exposed last seen heap object id via v8 public api.

 - Update v8 to 3.11.8.0

 - Avoid overdeep recursion in regexp where a guarded expression with a minimum repetition count is inside another quantifier. (Chromium issue 129926)

 - Fixed missing write barrier in store field stub. (issues 2143, 1465, Chromium issue 129355)

 - Proxies: Fixed receiver for setters inherited from proxies.

 - Proxies: Fixed ToStringArray function so that it does not reject some keys. (issue 1543)

 - Update v8 to 3.11.7.0

 - Get better function names in stack traces.

 - Fixed RegExp.prototype.toString for incompatible receivers (issue 1981).

 - Some cleanup to common.gypi. This fixes some host/target combinations that weren't working in the Make build on Mac.

 - Handle EINTR in socket functions and continue incomplete sends. (issue 2098)

 - Fixed python deprecations. (issue 1391)

 - Made socket send and receive more robust and return 0 on failure. (Chromium issue 15719)

 - Fixed GCC 4.7 (C++11) compilation. (issue 2136)

 - Set '-m32' option for host and target platforms

 - Performance and stability improvements on all platforms.

Solution

Update the affected chromium / v8 packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=769181

https://lists.opensuse.org/opensuse-updates/2012-07/msg00003.html

Plugin Details

Severity: High

ID: 74660

File Name: openSUSE-2012-355.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, p-cpe:/a:novell:opensuse:libv8-3, p-cpe:/a:novell:opensuse:libv8-3-debuginfo, p-cpe:/a:novell:opensuse:v8-debugsource, p-cpe:/a:novell:opensuse:v8-devel, p-cpe:/a:novell:opensuse:v8-private-headers-devel, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2012

Reference Information

CVE: CVE-2012-2807, CVE-2012-2815, CVE-2012-2816, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2823, CVE-2012-2825, CVE-2012-2826, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2834