openSUSE Security Update: chromium to 32.0.1700.102
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0243-1
Rating: important
References: #861013
Cross-References: CVE-2013-6641 CVE-2013-6643 CVE-2013-6644
CVE-2013-6645 CVE-2013-6646 CVE-2013-6649
CVE-2013-6650
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

Chromium was updated to version 32.0.1700.102: Stable
channel update:
– Security Fixes:
* CVE-2013-6649: Use-after-free in SVG images
* CVE-2013-6650: Memory corruption in V8
* and 12 other fixes
– Other:
* Mouse Pointer disappears after exiting full-screen
mode
* Drag and drop files into Chromium may not work
properly
* Quicktime Plugin crashes in Chromium
* Chromium becomes unresponsive
* Trackpad users may not be able to scroll horizontally
* Scrolling does not work in combo box
* Chromium does not work with all CSS minifiers such
as whitespace around a media query’s `and` keyword

– Update to Chromium 32.0.1700.77 Stable channel update:
– Security fixes:
* CVE-2013-6646: Use-after-free in web workers
* CVE-2013-6641: Use-after-free related to forms
* CVE-2013-6643: Unprompted sync with an attacker’s
Google account
* CVE-2013-6645: Use-after-free related to speech
input elements
* CVE-2013-6644: Various fixes from internal audits,
fuzzing and other initiatives
– Other:
* Tab indicators for sound, webcam and casting
* Automatically blocking malware files
* Lots of under the hood changes for stability and
performance
– Remove patch chromium-fix-chromedriver-build.diff as
that chromedriver is fixed upstream

– Updated ExcludeArch to exclude aarch64, ppc, ppc64 and
ppc64le. This is based on missing build requires
(valgrind, v8, etc)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.1:

zypper in -t patch openSUSE-2014-135

– openSUSE 12.3:

zypper in -t patch openSUSE-2014-135

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.1 (i586 x86_64):

chromedriver-32.0.1700.102-17.2
chromedriver-debuginfo-32.0.1700.102-17.2
chromium-32.0.1700.102-17.2
chromium-debuginfo-32.0.1700.102-17.2
chromium-debugsource-32.0.1700.102-17.2
chromium-desktop-gnome-32.0.1700.102-17.2
chromium-desktop-kde-32.0.1700.102-17.2
chromium-ffmpegsumo-32.0.1700.102-17.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-17.2
chromium-suid-helper-32.0.1700.102-17.2
chromium-suid-helper-debuginfo-32.0.1700.102-17.2

– openSUSE 12.3 (i586 x86_64):

chromedriver-32.0.1700.102-1.25.2
chromedriver-debuginfo-32.0.1700.102-1.25.2
chromium-32.0.1700.102-1.25.2
chromium-debuginfo-32.0.1700.102-1.25.2
chromium-debugsource-32.0.1700.102-1.25.2
chromium-desktop-gnome-32.0.1700.102-1.25.2
chromium-desktop-kde-32.0.1700.102-1.25.2
chromium-ffmpegsumo-32.0.1700.102-1.25.2
chromium-ffmpegsumo-debuginfo-32.0.1700.102-1.25.2
chromium-suid-helper-32.0.1700.102-1.25.2
chromium-suid-helper-debuginfo-32.0.1700.102-1.25.2

References:

http://support.novell.com/security/cve/CVE-2013-6641.html
http://support.novell.com/security/cve/CVE-2013-6643.html
http://support.novell.com/security/cve/CVE-2013-6644.html
http://support.novell.com/security/cve/CVE-2013-6645.html
http://support.novell.com/security/cve/CVE-2013-6646.html
http://support.novell.com/security/cve/CVE-2013-6649.html
http://support.novell.com/security/cve/CVE-2013-6650.html
https://bugzilla.novell.com/861013

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org