openSUSE Security Update : chromium (openSUSE-SU-2014:1378-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- Update to Chromium 38.0.2125.101 This update includes
159 security fixes, including 113 relatively minor
fixes. Highlighted securtiy fixes are: CVE-2014-3188: A
combination of V8 and IPC bugs that can lead to remote
code execution outside of the sandbox CVE-2014-3189:
Out-of-bounds read in PDFium CVE-2014-3190:
Use-after-free in Events CVE-2014-3191: Use-after-free
in Rendering CVE-2014-3192: Use-after-free in DOM
CVE-2014-3193: Type confusion in Session Management
CVE-2014-3194: Use-after-free in Web Workers
CVE-2014-3195: Information Leak in V8 CVE-2014-3196:
Permissions bypass in Windows Sandbox CVE-2014-3197:
Information Leak in XSS Auditor CVE-2014-3198:
Out-of-bounds read in PDFium CVE-2014-3199: Release
Assert in V8 bindings CVE-2014-3200: Various fixes from
internal audits, fuzzing and other initiatives

- Drop the build of the Native Client. This is actually
not a build as that prebuild binaries are being shipped.
Also Google no longer provides prebuild binaries for the
NativeClient for 32bit. Chromium as webbrowser is not
affected by this and it bring Chromium inline with the
regulations that prebuild binaries should not be
shipped.

- toolchaing_linux tarball dropped

- Spec-file cleaned for NaCl stuff

- Added patch no-clang-on-packman.diff to prevent the
usage of clang on packman, which is not supported there

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00025.html
https://bugzilla.opensuse.org/show_bug.cgi?id=896106

Solution :

Update the affected chromium packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now