openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1)

critical Nessus Plugin ID 74839

Synopsis

The remote openSUSE host is missing a security update.

Description

Chromium was updated to 25.0.1343

- Security Fixes (bnc#791234 and bnc#792154) :

- CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs

- CVE-2012-5133: Use-after-free in SVG filters.

- CVE-2012-5130: Out-of-bounds read in Skia

- CVE-2012-5132: Browser crash with chunked encoding

- CVE-2012-5134: Buffer underflow in libxml.

- CVE-2012-5135: Use-after-free with printing.

- CVE-2012-5136: Bad cast in input element handling.

- CVE-2012-5138: Incorrect file path handling

- CVE-2012-5137: Use-after-free in media source handling

- Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed

- Update to 25.0.1335

- (gtk) Fixed <input> selection renders white text on white background in apps. (Issue: 158422)

- Fixed translate infobar button to show selected language. (Issue: 155350)

- Fixed broken Arabic language. (Issue: 158978)

- Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393)

- Fixed JavaScript rendering issue. (Issue: 159655)

- No further indications in the ChangeLog

- Updated V8 - 3.14.5.0

- Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.

- Fixed chromium issues 155871, 154173, 155133.

- Removed patch chomium-ffmpeg-no-pkgconfig.patch

- Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs

- Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.

- add explicit buildrequire on libbz2-devel

Solution

Update the affected Chromium packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=791234

https://bugzilla.novell.com/show_bug.cgi?id=792154

https://lists.opensuse.org/opensuse-updates/2012-12/msg00024.html

Plugin Details

Severity: Critical

ID: 74839

File Name: openSUSE-2012-845.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, cpe:/o:novell:opensuse:12.2, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, cpe:/o:novell:opensuse:12.1, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/4/2012

Vulnerability Publication Date: 11/28/2012

Reference Information

CVE: CVE-2012-5130, CVE-2012-5131, CVE-2012-5132, CVE-2012-5133, CVE-2012-5134, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138