New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.3
Synopsis
The remote openSUSE host is missing a security update.
Description
Chromium was updated to 31.0.1650.57: Stable channel update :
- Security Fixes :
- CVE-2013-6632: Multiple memory corruption issues.
- Update to Chromium 31.0.1650.48 (bnc#850430) Stable Channel update :
- Security fixes :
- CVE-2013-6621: Use after free related to speech input elements..
- CVE-2013-6622: Use after free related to media elements.
- CVE-2013-6623: Out of bounds read in SVG.
- CVE-2013-6624: Use after free related to “id” attribute strings.
- CVE-2013-6625: Use after free in DOM ranges.
- CVE-2013-6626: Address bar spoofing related to interstitial warnings.
- CVE-2013-6627: Out of bounds read in HTTP parsing.
- CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
- CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
- CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
- CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
- CVE-2013-6631: Use after free in libjingle.
- Added patch chromium-fix-chromedriver-build.diff to fix the chromedriver build
Solution
Update the affected chromium packages.