Detections
Analytics

openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1)

critical Nessus Plugin ID 74839

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

Chromium was updated to 25.0.1343

 - Security Fixes (bnc#791234 and bnc#792154) :

 - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs

 - CVE-2012-5133: Use-after-free in SVG filters.

 - CVE-2012-5130: Out-of-bounds read in Skia

 - CVE-2012-5132: Browser crash with chunked encoding

 - CVE-2012-5134: Buffer underflow in libxml.

 - CVE-2012-5135: Use-after-free with printing.

 - CVE-2012-5136: Bad cast in input element handling.

 - CVE-2012-5138: Incorrect file path handling

 - CVE-2012-5137: Use-after-free in media source handling

 - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed

 - Update to 25.0.1335

 - (gtk) Fixed <input> selection renders white text on white background in apps. (Issue: 158422)

 - Fixed translate infobar button to show selected language. (Issue: 155350)

 - Fixed broken Arabic language. (Issue: 158978)

 - Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393)

 - Fixed JavaScript rendering issue. (Issue: 159655)

 - No further indications in the ChangeLog

 - Updated V8 - 3.14.5.0

 - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.

 - Fixed chromium issues 155871, 154173, 155133.

 - Removed patch chomium-ffmpeg-no-pkgconfig.patch

 - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs

 - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.

 - add explicit buildrequire on libbz2-devel

Solution

Update the affected Chromium packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=791234

https://bugzilla.novell.com/show_bug.cgi?id=792154

https://lists.opensuse.org/opensuse-updates/2012-12/msg00024.html

Plugin Details

Severity: Critical

ID: 74839

File Name: openSUSE-2012-845.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/4/2012

Vulnerability Publication Date: 11/28/2012

Reference Information

CVE: CVE-2012-5130, CVE-2012-5131, CVE-2012-5132, CVE-2012-5133, CVE-2012-5134, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138