[security-announce] openSUSE-SU-2012:0374-1: important: update for chromium, v8

news · March 16, 2012

openSUSE Security Update: update for chromium, v8

______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0374-1

Rating: important

References: #750407 #751466 #751738

Cross-References: CVE-2011-3031 CVE-2011-3032 CVE-2011-3033

CVE-2011-3034 CVE-2011-3035 CVE-2011-3036

CVE-2011-3037 CVE-2011-3038 CVE-2011-3039

CVE-2011-3040 CVE-2011-3041 CVE-2011-3042

CVE-2011-3043 CVE-2011-3044 CVE-2011-3046

CVE-2011-3047

Affected Products:

openSUSE 12.1

______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

Changes in chromium:

- Update to 19.0.1066

* Fixed Chrome install/update resets Google search

preferences (Issue: 105390)

* Don't trigger accelerated compositing on 3D CSS when

using swiftshader (Issue: 116401)

* Fixed a GPU crash (Issue: 116096)

* More fixes for Back button frequently hangs (Issue:

93427)

* Bastion now works (Issue: 116285)

* Fixed Composited layer sorting irregularity with

accelerated canvas (Issue: 102943)

* Fixed Composited layer sorting irregularity with

accelerated canvas (Issue: 102943)

* Fixed Google Feedback causes render process to use too

much memory (Issue: 114489)

* Fixed after upgrade, some pages are rendered as blank

(Issue: 109888)

* Fixed Pasting text into a single-line text field

shouldn't keep literal newlines (Issue: 106551)

- Security Fixes:

* Critical CVE-2011-3047: Errant plug-in load and GPU

process memory corruption

* Critical CVE-2011-3046: UXSS and bad history navigation.

- Update to 19.0.1060

* Fixed NTP signed in state is missing (Issue: 112676)

* Fixed gmail seems to redraw itself (all white)

occasionally (Issue: 111263)

* Focus "OK" button on Javascript dialogs (Issue: 111015)

* Fixed Back button frequently hangs (Issue: 93427)

* Increase the buffer size to fix muted playback rate

(Issue: 108239)

* Fixed Empty span with line-height renders with non-zero

height (Issue: 109811)

* Marked the Certum Trusted Network CA as an issuer of

extended-validation (EV) certificates.

* Fixed importing of bookmarks, history, etc. from

Firefox 10+.

* Fixed issues - 114001, 110785, 114168, 114598, 111663,

113636, 112676

* Fixed several crashes (Issues: 111376, 108688, 114391)

* Fixed Firefox browser in Import Bookmarks and Settings

drop-down (Issue: 114476)

* Sync: Sessions aren't associating pre-existing tabs

(Issue: 113319)

* Fixed All "Extensions" make an entry under the "NTP

Apps" page (Issue: 113672)

- Security Fixes (bnc#750407):

* High CVE-2011-3031: Use-after-free in v8 element

wrapper.

* High CVE-2011-3032: Use-after-free in SVG value

handling.

* High CVE-2011-3033: Buffer overflow in the Skia

drawing library.

* High CVE-2011-3034: Use-after-free in SVG document

handling.

* High CVE-2011-3035: Use-after-free in SVG use handling.

* High CVE-2011-3036: Bad cast in line box handling.

* High CVE-2011-3037: Bad casts in anonymous block

splitting.

* High CVE-2011-3038: Use-after-free in multi-column

handling.

* High CVE-2011-3039: Use-after-free in quote handling.

* High CVE-2011-3040: Out-of-bounds read in text

handling.

* High CVE-2011-3041: Use-after-free in class attribute

handling.

* High CVE-2011-3042: Use-after-free in table section

handling.

* High CVE-2011-3043: Use-after-free in flexbox with

floats.

* High CVE-2011-3044: Use-after-free with SVG animation

elements.

Changes in v8:

- Update to 3.9.13.0

* Add code kind check before preparing for OSR. (issue

1900, 115073)

* Pass zone explicitly to zone-allocation on x64 and ARM.

(issue 1802)

* Port string construct stub to x64. (issue 849)

* Performance and stability improvements on all platforms.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-165

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.1 (i586 x86_64):

chromium-19.0.1066.0-1.11.2

chromium-debuginfo-19.0.1066.0-1.11.2

chromium-debugsource-19.0.1066.0-1.11.2

chromium-desktop-gnome-19.0.1066.0-1.11.2

chromium-desktop-kde-19.0.1066.0-1.11.2

chromium-suid-helper-19.0.1066.0-1.11.2

chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2

libv8-3-3.9.13.0-1.15.1

libv8-3-debuginfo-3.9.13.0-1.15.1

v8-debugsource-3.9.13.0-1.15.1

v8-devel-3.9.13.0-1.15.1

v8-private-headers-devel-3.9.13.0-1.15.1

References:

http://support.novell.com/security/cve/CVE-2011-3031.html

http://support.novell.com/security/cve/CVE-2011-3032.html

http://support.novell.com/security/cve/CVE-2011-3033.html

http://support.novell.com/security/cve/CVE-2011-3034.html

http://support.novell.com/security/cve/CVE-2011-3035.html

http://support.novell.com/security/cve/CVE-2011-3036.html

http://support.novell.com/security/cve/CVE-2011-3037.html

http://support.novell.com/security/cve/CVE-2011-3038.html

http://support.novell.com/security/cve/CVE-2011-3039.html

http://support.novell.com/security/cve/CVE-2011-3040.html

http://support.novell.com/security/cve/CVE-2011-3041.html

http://support.novell.com/security/cve/CVE-2011-3042.html

http://support.novell.com/security/cve/CVE-2011-3043.html

http://support.novell.com/security/cve/CVE-2011-3044.html

http://support.novell.com/security/cve/CVE-2011-3046.html

http://support.novell.com/security/cve/CVE-2011-3047.html

https://bugzilla.novell.com/750407

https://bugzilla.novell.com/751466

https://bugzilla.novell.com/751738

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2012:0374-1: important: update for chromium, v8

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity