openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

- Update Chromium to 22.0.1190

- Security Fixes (bnc#769181) :

- CVE-2012-2815: Leak of iframe fragment id

- CVE-2012-2816: Prevent sandboxed processes interfering
with each other

- CVE-2012-2817: Use-after-free in table section handling

- CVE-2012-2818: Use-after-free in counter layout

- CVE-2012-2819: Crash in texture handling

- CVE-2012-2820: Out-of-bounds read in SVG filter handling

- CVE-2012-2821: Autofill display problem

- CVE-2012-2823: Use-after-free in SVG resource handling

- CVE-2012-2826: Out-of-bounds read in texture conversion

- CVE-2012-2829: Use-after-free in first-letter handling

- CVE-2012-2830: Wild pointer in array value setting

- CVE-2012-2831: Use-after-free in SVG reference handling

- CVE-2012-2834: Integer overflow in Matroska container

- CVE-2012-2825: Wild read in XSL handling

- CVE-2012-2807: Integer overflows in libxml

- Fix update-alternatives within the spec-file

- Update v8 to

- Fixed Chromium issues: 115100, 129628, 131994, 132727,
132741, 132742, 133211

- Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134,
2156, 2166, 2172, 2177, 2179, 2185

- Added --extra-code flag to mksnapshot to load JS code
into the VM before creating the snapshot.

- Support 'restart call frame' command in the debugger.

- Fixed lazy sweeping heuristics to prevent old-space
expansion. (issue 2194)

- Fixed sharing of literal boilerplates for optimized
code. (issue 2193)

- Removed -fomit-frame-pointer flag from Release builds to
make the stack walkable by TCMalloc (Chromium issue

- Expose more detailed memory statistics (issue 2201).

- Fixed Harmony Maps and WeakMaps for undefined values
(Chromium issue 132744).

- Update v8 to

- Implemented heap profiler memory usage reporting.

- Preserved error message during finally block in
try..finally. (Chromium issue 129171)

- Fixed EnsureCanContainElements to properly handle double
values. (issue 2170)

- Improved heuristics to keep objects in fast mode with
inherited constructors.

- Performance and stability improvements on all platforms.

- Implemented ES5-conformant semantics for inherited
setters and read-only properties. Currently behind
--es5_readonly flag, because it breaks WebKit bindings.

- Exposed last seen heap object id via v8 public api.

- Update v8 to

- Avoid overdeep recursion in regexp where a guarded
expression with a minimum repetition count is inside
another quantifier. (Chromium issue 129926)

- Fixed missing write barrier in store field stub. (issues
2143, 1465, Chromium issue 129355)

- Proxies: Fixed receiver for setters inherited from

- Proxies: Fixed ToStringArray function so that it does
not reject some keys. (issue 1543)

- Update v8 to

- Get better function names in stack traces.

- Fixed RegExp.prototype.toString for incompatible
receivers (issue 1981).

- Some cleanup to common.gypi. This fixes some host/target
combinations that weren't working in the Make build on

- Handle EINTR in socket functions and continue incomplete
sends. (issue 2098)

- Fixed python deprecations. (issue 1391)

- Made socket send and receive more robust and return 0 on
failure. (Chromium issue 15719)

- Fixed GCC 4.7 (C++11) compilation. (issue 2136)

- Set '-m32' option for host and target platforms

- Performance and stability improvements on all platforms.

See also :

Solution :

Update the affected chromium / v8 packages.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
