openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)

High Nessus Plugin ID 77127


The remote openSUSE host is missing a security update.


Chromium was updated to version 36.0.1985.125.

New Functionality :

- Rich Notifications Improvements

- An Updated Incognito / Guest NTP design

- The addition of a Browser crash recovery bubble

- Chrome App Launcher for Linux

- Lots of under the hood changes for stability and performance

Security Fixes (bnc#887952,bnc#887955) :

- CVE-2014-3160: Same-Origin-Policy bypass in SVG

- CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives and 24 more fixes for which no description was given.

Packaging changes :

- Switch to newer method to retrieve toolchain packages. Dropping the three naclsdk_*tgz files. Everything is now included in the toolchain_linux_x86.tar.bz2 tarball

- Add Courgette.tar.xz, as the build process now requires some files from Courgette in order to build successfully. This does not mean that Courgette is built/delivered.

Also includes an update to Chromium 35.0.1916.153.

Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263) :

- CVE-2014-3154: Use-after-free in filesystem api

- CVE-2014-3155: Out-of-bounds read in SPDY

- CVE-2014-3156: Buffer overflow in clipboard

- CVE-2014-3157: Heap overflow in media


Update the affected chromium packages.

Plugin Details

Severity: High

ID: 77127

File Name: openSUSE-2014-483.nasl

Version: $Revision: 1.5 $

Type: local

Agent: unix

Published: 2014/08/12

Modified: 2014/08/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/07/28

Reference Information

CVE: CVE-2014-3154, CVE-2014-3155, CVE-2014-3156, CVE-2014-3157, CVE-2014-3160, CVE-2014-3162

BID: 67972, 67977, 67980, 67981, 68677