openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)

high Nessus Plugin ID 77127

Synopsis

The remote openSUSE host is missing a security update.

Description

Chromium was updated to version 36.0.1985.125.

New Functionality :

- Rich Notifications Improvements

- An Updated Incognito / Guest NTP design

- The addition of a Browser crash recovery bubble

- Chrome App Launcher for Linux

- Lots of under the hood changes for stability and performance

Security Fixes (bnc#887952,bnc#887955) :

- CVE-2014-3160: Same-Origin-Policy bypass in SVG

- CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives and 24 more fixes for which no description was given.

Packaging changes :

- Switch to newer method to retrieve toolchain packages. Dropping the three naclsdk_*tgz files. Everything is now included in the toolchain_linux_x86.tar.bz2 tarball

- Add Courgette.tar.xz, as the build process now requires some files from Courgette in order to build successfully. This does not mean that Courgette is built/delivered.

Also includes an update to Chromium 35.0.1916.153.

Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263) :

- CVE-2014-3154: Use-after-free in filesystem api

- CVE-2014-3155: Out-of-bounds read in SPDY

- CVE-2014-3156: Buffer overflow in clipboard

- CVE-2014-3157: Heap overflow in media

Solution

Update the affected chromium packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=882263

https://bugzilla.novell.com/show_bug.cgi?id=882264

https://bugzilla.novell.com/show_bug.cgi?id=882265

https://bugzilla.novell.com/show_bug.cgi?id=887952

https://bugzilla.novell.com/show_bug.cgi?id=887955

https://lists.opensuse.org/opensuse-updates/2014-08/msg00013.html

Plugin Details

Severity: High

ID: 77127

File Name: openSUSE-2014-483.nasl

Version: 1.8

Type: local

Agent: unix

Published: 8/12/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/28/2014

Reference Information

CVE: CVE-2014-3154, CVE-2014-3155, CVE-2014-3156, CVE-2014-3157, CVE-2014-3160, CVE-2014-3162

BID: 67972, 67977, 67980, 67981, 68677