| Summary: | chromium-browser-stable new security issues fixed in 27.0.1453.110 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, dmorganec, rverschelde, sysadmin-bugs, tmb, wrw105 |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/552191/ | ||
| Whiteboard: | MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK mga2-64-ok | ||
| Source RPM: | chromium-browser-stable-26.0.1410.65-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-05-29 23:20:46 CEST
David Walser
2013-05-29 23:20:53 CEST
Whiteboard:
(none) =>
MGA3TOO, MGA2TOO

debian.org link for advisory is now active:
http://www.debian.org/security/2013/dsa-2695

Upstream has released 27.0.1453.110 to fix another security issue on June 4:
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html

That's the newest version that's been announced. The newest version in SVN is 27.0.1453.114.
http://src.chromium.org/viewvc/chrome/releases/

We currently have 27.0.1454.1 in Cauldron and mga2/mga3 updates_testing, which is actually *older* than 27.0.1453.93, and presumably doesn't fix any of these issues.

Debian has issued an advisory for the issues fixed in 27.0.1453.110 on June 10:
http://www.debian.org/security/2013/dsa-2706

from http://lwn.net/Vulnerabilities/553818/

I will update (chromium versioning is a little a mess :( )

(In reply to D Morgan from comment #5)
> I will update (chromium versioning is a little a mess :( )

Indeed. Actually, it makes no sense whatsoever :o(

Summary:
chromium-browser-stable new security issues fixed in 27.0.1453.93 =>
chromium-browser-stable new security issues fixed in 27.0.1453.110

Changing the version assignment since Cauldron has an update already.

Version:
Cauldron =>
3

D Morgan has backported the updated version from Cauldron to mga2/mga3.

chromium-browser-stable-28.0.1500.45-1.mga2
chromium-browser-28.0.1500.45-1.mga2
chromium-browser-stable-28.0.1500.45-1.mga3
chromium-browser-28.0.1500.45-1.mga3

from SRPMS:
chromium-browser-stable-28.0.1500.45-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.45-1.mga3.src.rpm

This takes care of the last three stable channel updates for Linux:
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html

This can be pushed to QA if it's ready. We'll just have to flesh out an advisory.

D Morgan just told me it's ready for QA.

Packages list and references in Comment 8. Advisory to come.

Assignee:
dmorganec =>
qa-bugs

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2837).

Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2013-2838).

Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2013-2839).

Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2840).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources (CVE-2013-2841).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets (CVE-2013-2842).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data (CVE-2013-2843).

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution (CVE-2013-2844).

The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2845).

Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2846).

Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors (CVE-2013-2847).

The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors (CVE-2013-2848).

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation (CVE-2013-2849).

The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2855).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input (CVE-2013-2856).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images (CVE-2013-2857).

Use-after-free vulnerability in the HTML5 Audio implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2858).

Chromium before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors (CVE-2013-2859).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process (CVE-2013-2860).

Use-after-free vulnerability in the SVG implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2861).

Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2862).

Chromium before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors (CVE-2013-2863).

Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2013-2865).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2865
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
http://www.debian.org/security/2013/dsa-2695
http://www.debian.org/security/2013/dsa-2706
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-28.0.1500.45-1.mga2
chromium-browser-28.0.1500.45-1.mga2
chromium-browser-stable-28.0.1500.45-1.mga3
chromium-browser-28.0.1500.45-1.mga3

from SRPMS:
chromium-browser-stable-28.0.1500.45-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.45-1.mga3.src.rpm

The only entry on securityfocus is for 2013-2849
"Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI."

testing mga3-64

CC:
(none) =>
wrw105

Tested general browsing, a few YouTube videos for the flash plugin, Sunspider for javascript (http://www.webkit.org/perf/sunspider/sunspider.html), javatester.org for java.

There is no duckduckgo option in default search engines, which has me thinking we may be missing an opportunity there.

Whiteboard:
MGA2TOO =>
MGA2TOO mga3-64-ok

Is it there if you create a new user and try chromium with that user, Bill?

Both creating a new user on the system and creating a new chromium user under my usual account show only google, yahoo and bing.

Thanks Bill, well spotted too.

D Morgan, could you check please, many thanks.

Whiteboard:
MGA2TOO mga3-64-ok =>
MGA2TOO has_procedure feedback mga3-64-ok

Testing OK on mga3 i586 (same tests as comment 12).

@D Morgan: Shouldn't we update chromium-browser from tainted too?

CC:
(none) =>
remi

Testing OK MGA2-32. Duckduckgo is in the list for mga2-32. Now I'm slightly confused....

Whiteboard:
MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok =>
MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK

Testing OK MGA2-64, but Rémi's question remains: what about chromium-browser from tainted repos in MGA3?

Whiteboard:
MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK =>
MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK mga2-64-ok

Confirmed DDG is missing in search options for mga3

Only options available are:
Google
Yahoo
Bing
Ask Jeeves

Also the update removes a require on libminizip1

It's also missing in release version.

The chromium-browser-stable tainted build for Mageia 3 is now available.

Tested tainted build mga3-64 as above. General functionality, sunspider, flash, java all OK.

Testing complete Mageia 3 i586 for the tainted build.

validating.

Please push from core/updates_testing to core/updates for mga2 and mga3 and tainted/updates_testing to tainted/updates for mga3.

Advisory and srpm list in comment 10

Thanks!

Keywords:
(none) =>
validated_update

http://svnweb.mageia.org/advisories/10353.adv?view=markup&sortby=date

ready to be pushed.

CC:
(none) =>
davidwhodgins

http://advisories.mageia.org/MGASA-2013-0194.html

Status:
NEW =>
RESOLVED

The tainted copy for Mageia 3 has not yet been pushed to updates.

Status:
RESOLVED =>
REOPENED

Tainted build pushed.

Status:
REOPENED =>
RESOLVED
Nicolas Vigier
2014-05-08 18:06:11 CEST
CC:
boklm =>
(none) |