Bug 12314

Summary: chromium-browser-stable new security issues fixed in 32.0.1700.102
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210, mageia, sysadmin-bugs, tmb, wrw105
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/585198/
Whiteboard: MGA3TOO has_procedure advisory mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok
Source RPM: chromium-browser-stable-31.0.1650.63-1.mga3.src.rpm CVE:
Status comment:

Description David Walser 2014-01-15 17:25:02 CET 
Upstream has released version 32.0.1700.77 on January 14:
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:
David Walser 2014-01-15 17:25:14 CET

Whiteboard: (none) => MGA3TOO

Thierry Vignaud 2014-01-16 06:34:15 CET

Assignee: bugsquad => dmorganec

Comment 1 David Walser 2014-01-28 14:17:25 CET 
Upstream has released version 32.0.1700.102 on January 27:
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html

It fixes some regressions in the previous version and two security issues.

Summary: chromium-browser-stable new security issues fixed in 32.0.1700.77 => chromium-browser-stable new security issues fixed in 32.0.1700.102
Whiteboard: MGA3TOO => MGA4TOO, MGA3TOO

Comment 2 David Walser 2014-02-05 22:45:48 CET 
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Use-after-free related to forms (CVE-2013-6641).

Unprompted sync with an attackerâs Google account (CVE-2013-6643).

Various fixes from internal audits, fuzzing and other initiatives
(CVE-2013-6644).

Use-after-free related to speech input elements (CVE-2013-6645).

Use-after-free in web workers (CVE-2013-6646).

Use-after-free in SVG images (CVE-2013-6649).

Memory corruption in v8 before version 3.22.24.16 (CVE-2013-6650).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6650
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-32.0.1700.102-1.mga3
chromium-browser-32.0.1700.102-1.mga3
chromium-browser-stable-32.0.1700.102-1.mga4
chromium-browser-32.0.1700.102-1.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-32.0.1700.102-1.mga3
chromium-browser-32.0.1700.102-1.mga3
chromium-browser-stable-32.0.1700.102-1.mga4
chromium-browser-32.0.1700.102-1.mga4

from SRPMS:
chromium-browser-stable-32.0.1700.102-1.mga3.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.src.rpm

Version: Cauldron => 4
Assignee: dmorganec => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Severity: normal => major

Comment 3 claire robinson 2014-02-05 23:45:59 CET 
There are actually tainted srpms too so..

chromium-browser-stable-32.0.1700.102-1.mga3.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga3.tainted.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.tainted.src.rpm
Comment 4 Bill Wilkinson 2014-02-06 16:43:26 CET 
tested mga3-64, core and tainted.

Browsed various websites, tested javascript with sunspider, java with javatester.org, flash with youtube and a flash game.

In tainted tested an mp3 from https://archive.org/details/testmp3testfile

All OK.

CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga3-64-ok

Comment 5 Bill Wilkinson 2014-02-06 18:02:13 CET 
Mga4-32 tested as above, all OK

Whiteboard: MGA3TOO mga3-64-ok => MGA3TOO mga3-64-ok mga4-32-ok

claire robinson 2014-02-06 18:19:45 CET

Whiteboard: MGA3TOO mga3-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok

Comment 6 David GEIGER 2014-02-06 19:34:48 CET 
Tested mga4-64,


Testing complete for chromium-browser-stable-32.0.1700.102-1.mga4, nothing to report.

CC: (none) => geiger.david68210
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok

Comment 7 Bill Wilkinson 2014-02-07 05:50:45 CET 
Tested mga3-32 as in comment 4, all OK.

Update just needs the advisory update for validation.

Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok

Comment 8 Nicolas LĂ©cureuil 2014-02-07 09:23:34 CET 
the advisory of comment #2 is not enough ?

CC: (none) => mageia

Comment 9 claire robinson 2014-02-07 09:59:31 CET 
Yes, he's referring to me needing to add it to svn.

Thanks Bill!
Comment 10 claire robinson 2014-02-07 09:59:51 CET 
and David
Comment 11 claire robinson 2014-02-07 10:17:55 CET 
Advisory uploaded. Validating

Could sysadmin please push from 3&4 core & tainted updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok => MGA3TOO has_procedure advisory mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 12 Thomas Backlund 2014-02-08 20:32:17 CET 
Update pushed:
http://advisories.mageia.org/MGASA-2014-0037.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2014-02-10 20:06:51 CET

URL: (none) => http://lwn.net/Vulnerabilities/585198/

Comment 13 David Walser 2014-02-18 17:41:19 CET 
Debian has issued an advisory for this on February 16:
http://www.debian.org/security/2014/dsa-2862