openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)
High Nessus Plugin ID 77127
SynopsisThe remote openSUSE host is missing a security update.
DescriptionChromium was updated to version 36.0.1985.125. New Functionality :
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes (bnc#887952,bnc#887955) :
- CVE-2014-3160: Same-Origin-Policy bypass in SVG
- CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives and 24 more fixes for which no description was given. Packaging changes :
- Switch to newer method to retrieve toolchain packages.
Dropping the three naclsdk_*tgz files. Everything is now included in the toolchain_linux_x86.tar.bz2 tarball
- Add Courgette.tar.xz as that the build process now requires some files from Courgette in order to build succesfully. This does not mean that Courgette is build/delivered.
Includes also an update to Chromium 35.0.1916.153 Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263) :
- CVE-2014-3154: Use-after-free in filesystem api
- CVE-2014-3155: Out-of-bounds read in SPDY
- CVE-2014-3156: Buffer overflow in clipboard
- CVE-2014-3157: Heap overflow in media
SolutionUpdate the affected chromium packages.