openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0656-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium update to 21.0.1145

- Fixed several issues around audio not playing with
videos

- Crash Fixes

- Improvements to trackpad on Cr-48

- Security Fixes (bnc#762481)

- CVE-2011-3083: Browser crash with video + FTP

- CVE-2011-3084: Load links from internal pages in their
own process.

- CVE-2011-3085: UI corruption with long autofilled values

- CVE-2011-3086: Use-after-free with style element.

- CVE-2011-3087: Incorrect window navigation

- CVE-2011-3088: Out-of-bounds read in hairline drawing

- CVE-2011-3089: Use-after-free in table handling.

- CVE-2011-3090: Race condition with workers.

- CVE-2011-3091: Use-after-free with indexed DB

- CVE-2011-3092: Invalid write in v8 regex

- CVE-2011-3093: Out-of-bounds read in glyph handling

- CVE-2011-3094: Out-of-bounds read in Tibetan handling

- CVE-2011-3095: Out-of-bounds write in OGG container.

- CVE-2011-3096: Use-after-free in GTK omnibox handling.

- CVE-2011-3098: Bad search path for Windows Media Player
plug-in

- CVE-2011-3100: Out-of-bounds read drawing dash paths.

- CVE-2011-3101: Work around Linux Nvidia driver bug

- CVE-2011-3102: Off-by-one out-of-bounds write in libxml.

See also :

http://lists.opensuse.org/opensuse-updates/2012-05/msg00040.html
https://bugzilla.novell.com/show_bug.cgi?id=762481

Solution :

Update the affected chromium / v8 packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now