openSUSE Security Update : chromium (openSUSE-SU-2013:0454-1)

High Nessus Plugin ID 74920


The remote openSUSE host is missing a security update.


chromium was updated to version 27.0.1425, which includes both stability and security fixes:

- Bug and stability fixes :

- Fixed crash after clicking through malware warning. (Issue: 173986)

- Fixed broken command line to create extensions with locale info (Issue: 176187)

- Hosted apps in Chrome will always be opened from app launcher. (Issue: 176267)

- Added modal confirmation dialog to the enterprise profile sign-in flow. (Issue: 171236)

- Fixed a crash with autofill. (Issues: 175454, 176576)

- Fixed issues with sign-in. (Issues: 175672, 175819, 175541, 176190)

- Fixed spurious profile shortcuts created with a system-level install. (Issue: 177047)

- Fixed the background tab flashing with certain themes. (Issue: 175426)

- Security Fixes: (bnc#804986)

- High CVE-2013-0879: Memory corruption with web audio node

- High CVE-2013-0880: Use-after-free in database handling

- Medium CVE-2013-0881: Bad read in Matroska handling

- High CVE-2013-0882: Bad memory access with excessive SVG parameters.

- Medium CVE-2013-0883: Bad read in Skia.

- Low CVE-2013-0884: Inappropriate load of NaCl.

- Medium CVE-2013-0885: Too many API permissions granted to web store

- Medium CVE-2013-0886: Incorrect NaCl signal handling.

- Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server

- Medium CVE-2013-0888: Out-of-bounds read in Skia

- Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.

- High CVE-2013-0890: Memory safety issues across the IPC layer.

- High CVE-2013-0891: Integer overflow in blob handling.

- Medium CVE-2013-0892: Lower severity issues across the IPC layer

- Medium CVE-2013-0893: Race condition in media handling.

- High CVE-2013-0894: Buffer overflow in vorbis decoding.

- High CVE-2013-0895: Incorrect path handling in file copying.

- High CVE-2013-0896: Memory management issues in plug-in message handling

- Low CVE-2013-0897: Off-by-one read in PDF

- High CVE-2013-0898: Use-after-free in URL handling

- Low CVE-2013-0899: Integer overflow in Opus handling

- Medium CVE-2013-0900: Race condition in ICU

- Make adjustment for autodetecting of the PepperFlash library. The package with the PepperFlash hopefully will be soon available through packman

- Update to 26.0.1411

- Bug and stability fixes

- Update to 26.0.1403

- Bug and stability fixes

- Using system libxml2 requires system libxslt.

- Using system MESA does not work in i586 for some reason.

- Also use system MESA, factory version seems adequate now.

- Always use system libxml2.

- Restrict the usage of system libraries instead of the bundled ones to new products, too much hassle otherwise.

- Also link kerberos and libgps directly, do not dlopen them.

- Avoid using dlopen on system libraries, rpm or the package manager do not handle this at all. Tested for a few weeks and implemented with a macro so it can be easily disabled if problems arise.

- Use SOME system libraries instead of the bundled ones, tested for several weeks and implemented with a macro for easy enable/disable in case of trouble.

- Update to 26.0.1393

- Bug and stability fixes

- Security fixes

- Update to 26.0.1375

- Bug and stability fixes

- Update to 26.0.1371

- Bug and stability fixes

- Update to 26.0.1367

- Bug and stability fixes


Update the affected chromium packages.

Plugin Details

Severity: High

ID: 74920

File Name: openSUSE-2013-203.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2017/11/02

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/03/09

Reference Information

CVE: CVE-2013-0879, CVE-2013-0880, CVE-2013-0881, CVE-2013-0882, CVE-2013-0883, CVE-2013-0884, CVE-2013-0885, CVE-2013-0886, CVE-2013-0887, CVE-2013-0888, CVE-2013-0889, CVE-2013-0890, CVE-2013-0891, CVE-2013-0892, CVE-2013-0893, CVE-2013-0894, CVE-2013-0895, CVE-2013-0896, CVE-2013-0897, CVE-2013-0898, CVE-2013-0899, CVE-2013-0900

OSVDB: 90521, 90522, 90523, 90524, 90525, 90526, 90527, 90528, 90529, 90530, 90531, 90532, 90533, 90534, 90535, 90536, 90537, 90538, 90539, 90540, 90541, 90542, 90950, 101163, 101164, 101165, 101166, 101167, 101168