openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1)

Critical Nessus Plugin ID 74839


The remote openSUSE host is missing a security update.


Chromium was updated to 25.0.1343

- Security Fixes (bnc#791234 and bnc#792154) :

- CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs

- CVE-2012-5133: Use-after-free in SVG filters.

- CVE-2012-5130: Out-of-bounds read in Skia

- CVE-2012-5132: Browser crash with chunked encoding

- CVE-2012-5134: Buffer underflow in libxml.

- CVE-2012-5135: Use-after-free with printing.

- CVE-2012-5136: Bad cast in input element handling.

- CVE-2012-5138: Incorrect file path handling

- CVE-2012-5137: Use-after-free in media source handling

- Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed

- Update to 25.0.1335

- {gtk} Fixed <input> selection renders white text on white background in apps. (Issue: 158422)

- Fixed translate infobar button to show selected language. (Issue: 155350)

- Fixed broken Arabic language. (Issue: 158978)

- Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393)

- Fixed JavaScript rendering issue. (Issue: 159655)

- No further indications in the ChangeLog

- Updated V8 -

- Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.

- Fixed chromium issues 155871, 154173, 155133.

- Removed patch chomium-ffmpeg-no-pkgconfig.patch

- Building now internal based on the standard chromium ffmpeg codecs

- Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.

- add explicit buildrequire on libbz2-devel


Update the affected Chromium packages.

See Also

Plugin Details

Severity: Critical

ID: 74839

File Name: openSUSE-2012-845.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2015/01/26

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/12/04

Reference Information

CVE: CVE-2012-5130, CVE-2012-5131, CVE-2012-5132, CVE-2012-5133, CVE-2012-5134, CVE-2012-5135, CVE-2012-5136, CVE-2012-5137, CVE-2012-5138