openSUSE Security Update : chromium (openSUSE-SU-2014:0601-1)
High Nessus Plugin ID 75340
Synopsis
The remote openSUSE host is missing a security update.
Description
This chromium version update fixes the following security and non-security issues :
- Add patch chromium-fix-arm-skia-memset.patch to resolve a linking issue on ARM with regards to missing symbols.
- Add patch arm_use_gold.patch to use the right gold binaries on ARM. Hopefully this resolves the build issues with running out of memory
- bnc#872805: Update to Chromium 34.0.1847.116
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes :
- CVE-2014-1716: UXSS in V8
- CVE-2014-1717: OOB access in V8
- CVE-2014-1718: Integer overflow in compositor
- CVE-2014-1719: Use-after-free in web workers
- CVE-2014-1720: Use-after-free in DOM
- CVE-2014-1721: Memory corruption in V8
- CVE-2014-1722: Use-after-free in rendering
- CVE-2014-1723: Url confusion with RTL characters
- CVE-2014-1724: Use-after-free in speech
- CVE-2014-1725: OOB read with window property
- CVE-2014-1726: Local cross-origin bypass
- CVE-2014-1727: Use-after-free in forms
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives
- CVE-2014-1729: Multiple vulnerabilities in V8
- No longer build against system libraries as that Chromium works a lot better and crashes less on websites than with system libs
- Added package depot_tools.tar.gz as that the chromium build now requires it during the initial build phase. It just contains some utilities and nothing from it is being installed.
- If people want to install newer versions of the ffmpeg library then let them. This is what they want.
- Remove the buildscript from the sources
Solution
Update the affected chromium packages.