You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Chromium

Sigurnosni nedostaci programskog paketa Chromium

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update to Chromium 41.0.2272.76
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0505-1
Rating: important
References: #920825
Cross-References: CVE-2015-1212 CVE-2015-1213 CVE-2015-1214
CVE-2015-1215 CVE-2015-1216 CVE-2015-1217
CVE-2015-1218 CVE-2015-1219 CVE-2015-1220
CVE-2015-1221 CVE-2015-1222 CVE-2015-1223
CVE-2015-1224 CVE-2015-1225 CVE-2015-1226
CVE-2015-1227 CVE-2015-1228 CVE-2015-1229
CVE-2015-1230 CVE-2015-1231
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

Chromium was updated to 41.0.2272.76 (bnc#920825)

Security fixes:
* CVE-2015-1212: Out-of-bounds write in media
* CVE-2015-1213: Out-of-bounds write in skia filters
* CVE-2015-1214: Out-of-bounds write in skia filters
* CVE-2015-1215: Out-of-bounds write in skia filters
* CVE-2015-1216: Use-after-free in v8 bindings
* CVE-2015-1217: Type confusion in v8 bindings
* CVE-2015-1218: Use-after-free in dom
* CVE-2015-1219: Integer overflow in webgl
* CVE-2015-1220: Use-after-free in gif decoder
* CVE-2015-1221: Use-after-free in web databases
* CVE-2015-1222: Use-after-free in service workers
* CVE-2015-1223: Use-after-free in dom
* CVE-2015-1230: Type confusion in v8
* CVE-2015-1224: Out-of-bounds read in vpxdecoder
* CVE-2015-1225: Out-of-bounds read in pdfium
* CVE-2015-1226: Validation issue in debugger
* CVE-2015-1227: Uninitialized value in blink
* CVE-2015-1228: Uninitialized value in rendering
* CVE-2015-1229: Cookie injection via proxies
* CVE-2015-1231: Various fixes from internal audits
* Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.2:

zypper in -t patch openSUSE-2015-228=1

– openSUSE 13.1:

zypper in -t patch openSUSE-2015-228=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.2 (i586 x86_64):

chromedriver-41.0.2272.76-17.1
chromedriver-debuginfo-41.0.2272.76-17.1
chromium-41.0.2272.76-17.1
chromium-debuginfo-41.0.2272.76-17.1
chromium-debugsource-41.0.2272.76-17.1
chromium-desktop-gnome-41.0.2272.76-17.1
chromium-desktop-kde-41.0.2272.76-17.1
chromium-ffmpegsumo-41.0.2272.76-17.1
chromium-ffmpegsumo-debuginfo-41.0.2272.76-17.1

– openSUSE 13.1 (i586 x86_64):

chromedriver-41.0.2272.76-72.1
chromedriver-debuginfo-41.0.2272.76-72.1
chromium-41.0.2272.76-72.1
chromium-debuginfo-41.0.2272.76-72.1
chromium-debugsource-41.0.2272.76-72.1
chromium-desktop-gnome-41.0.2272.76-72.1
chromium-desktop-kde-41.0.2272.76-72.1
chromium-ffmpegsumo-41.0.2272.76-72.1
chromium-ffmpegsumo-debuginfo-41.0.2272.76-72.1

References:

http://support.novell.com/security/cve/CVE-2015-1212.html
http://support.novell.com/security/cve/CVE-2015-1213.html
http://support.novell.com/security/cve/CVE-2015-1214.html
http://support.novell.com/security/cve/CVE-2015-1215.html
http://support.novell.com/security/cve/CVE-2015-1216.html
http://support.novell.com/security/cve/CVE-2015-1217.html
http://support.novell.com/security/cve/CVE-2015-1218.html
http://support.novell.com/security/cve/CVE-2015-1219.html
http://support.novell.com/security/cve/CVE-2015-1220.html
http://support.novell.com/security/cve/CVE-2015-1221.html
http://support.novell.com/security/cve/CVE-2015-1222.html
http://support.novell.com/security/cve/CVE-2015-1223.html
http://support.novell.com/security/cve/CVE-2015-1224.html
http://support.novell.com/security/cve/CVE-2015-1225.html
http://support.novell.com/security/cve/CVE-2015-1226.html
http://support.novell.com/security/cve/CVE-2015-1227.html
http://support.novell.com/security/cve/CVE-2015-1228.html
http://support.novell.com/security/cve/CVE-2015-1229.html
http://support.novell.com/security/cve/CVE-2015-1230.html
http://support.novell.com/security/cve/CVE-2015-1231.html
https://bugzilla.suse.com/920825


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

AutorMarko Stanec
Cert idNCERT-REF-2015-03-0060-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa file

Otkriveni su sigurnosni nedostaci u programskom paketu file za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close