openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)

High Nessus Plugin ID 74660

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

- Update Chromium to 22.0.1190

- Security Fixes (bnc#769181):

- CVE-2012-2815: Leak of iframe fragment id

- CVE-2012-2816: Prevent sandboxed processes interfering with each other

- CVE-2012-2817: Use-after-free in table section handling

- CVE-2012-2818: Use-after-free in counter layout

- CVE-2012-2819: Crash in texture handling

- CVE-2012-2820: Out-of-bounds read in SVG filter handling

- CVE-2012-2821: Autofill display problem

- CVE-2012-2823: Use-after-free in SVG resource handling

- CVE-2012-2826: Out-of-bounds read in texture conversion

- CVE-2012-2829: Use-after-free in first-letter handling

- CVE-2012-2830: Wild pointer in array value setting

- CVE-2012-2831: Use-after-free in SVG reference handling

- CVE-2012-2834: Integer overflow in Matroska container

- CVE-2012-2825: Wild read in XSL handling

- CVE-2012-2807: Integer overflows in libxml

- Fix update-alternatives within the spec-file

- Update v8 to 3.12.5.0

- Fixed Chromium issues: 115100, 129628, 131994, 132727, 132741, 132742, 133211

- Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134, 2156, 2166, 2172, 2177, 2179, 2185

- Added --extra-code flag to mksnapshot to load JS code into the VM before creating the snapshot.

- Support 'restart call frame' command in the debugger.

- Fixed lazy sweeping heuristics to prevent old-space expansion. (issue 2194)

- Fixed sharing of literal boilerplates for optimized code. (issue 2193)

- Removed -fomit-frame-pointer flag from Release builds to make the stack walkable by TCMalloc (Chromium issue 133723).

- Expose more detailed memory statistics (issue 2201).

- Fixed Harmony Maps and WeakMaps for undefined values (Chromium issue 132744).

- Update v8 to 3.11.10.6

- Implemented heap profiler memory usage reporting.

- Preserved error message during finally block in try..finally. (Chromium issue 129171)

- Fixed EnsureCanContainElements to properly handle double values. (issue 2170)

- Improved heuristics to keep objects in fast mode with inherited constructors.

- Performance and stability improvements on all platforms.

- Implemented ES5-conformant semantics for inherited setters and read-only properties. Currently behind --es5_readonly flag, because it breaks WebKit bindings.

- Exposed last seen heap object id via v8 public api.

- Update v8 to 3.11.8.0

- Avoid overdeep recursion in regexp where a guarded expression with a minimum repetition count is inside another quantifier. (Chromium issue 129926)

- Fixed missing write barrier in store field stub. (issues 2143, 1465, Chromium issue 129355)

- Proxies: Fixed receiver for setters inherited from proxies.

- Proxies: Fixed ToStringArray function so that it does not reject some keys. (issue 1543)

- Update v8 to 3.11.7.0

- Get better function names in stack traces.

- Fixed RegExp.prototype.toString for incompatible receivers (issue 1981).

- Some cleanup to common.gypi. This fixes some host/target combinations that weren't working in the Make build on Mac.

- Handle EINTR in socket functions and continue incomplete sends. (issue 2098)

- Fixed python deprecations. (issue 1391)

- Made socket send and receive more robust and return 0 on failure. (Chromium issue 15719)

- Fixed GCC 4.7 (C++11) compilation. (issue 2136)

- Set '-m32' option for host and target platforms

- Performance and stability improvements on all platforms.

Solution

Update the affected chromium / v8 packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=769181

https://lists.opensuse.org/opensuse-updates/2012-07/msg00003.html

Plugin Details

Severity: High

ID: 74660

File Name: openSUSE-2012-355.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, p-cpe:/a:novell:opensuse:libv8-3, p-cpe:/a:novell:opensuse:libv8-3-debuginfo, p-cpe:/a:novell:opensuse:v8-debugsource, p-cpe:/a:novell:opensuse:v8-devel, p-cpe:/a:novell:opensuse:v8-private-headers-devel, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/07/02

Reference Information

CVE: CVE-2012-2807, CVE-2012-2815, CVE-2012-2816, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2823, CVE-2012-2825, CVE-2012-2826, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2834