Upstream has released 27.0.1453.93 to fix several security issues on May 21:
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
Stable channel is up to 27.0.1453.94:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Debian has issued an advisory for this today (May 29):
http://lwn.net/Alerts/552188/
Whiteboard: (none) => MGA3TOO, MGA2TOO
debian.org link for advisory is now active: http://www.debian.org/security/2013/dsa-2695
Upstream has released 27.0.1453.110 to fix another security issue on June 4:
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
That's the newest version that's been announced. The newest version in SVN is 27.0.1453.114.
http://src.chromium.org/viewvc/chrome/releases/
We currently have 27.0.1454.1 in Cauldron and mga2/mga3 updates_testing, which is actually *older* than 27.0.1453.93, and presumably doesn't fix any of these issues.
Debian has issued an advisory for the issues fixed in 27.0.1453.110 on June 10: http://www.debian.org/security/2013/dsa-2706 from http://lwn.net/Vulnerabilities/553818/
*** Bug 10556 has been marked as a duplicate of this bug. ***
CC: (none) => dmorganec
I will update (chromium versioning is a bit of a mess :( )
(In reply to D Morgan from comment #5)
> I will update (chromium versioning is a bit of a mess :( )
Indeed. Actually, it makes no sense whatsoever :o(
Summary: chromium-browser-stable new security issues fixed in 27.0.1453.93 => chromium-browser-stable new security issues fixed in 27.0.1453.110
Changing the version assignment since Cauldron has an update already.
Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
D Morgan has backported the updated version from Cauldron to mga2/mga3.
chromium-browser-stable-28.0.1500.45-1.mga2
chromium-browser-28.0.1500.45-1.mga2
chromium-browser-stable-28.0.1500.45-1.mga3
chromium-browser-28.0.1500.45-1.mga3
from SRPMS:
chromium-browser-stable-28.0.1500.45-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.45-1.mga3.src.rpm
This takes care of the last three stable channel updates for Linux:
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
This can be pushed to QA if it's ready. We'll just have to flesh out an advisory.
D Morgan just told me it's ready for QA. Packages list and references in Comment 8. Advisory to come.
Assignee: dmorganec => qa-bugs
Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2837).

Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2013-2838).

Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2013-2839).

Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2840).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources (CVE-2013-2841).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets (CVE-2013-2842).

Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data (CVE-2013-2843).

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution (CVE-2013-2844).

The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2845).

Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2846).

Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors (CVE-2013-2847).

The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors (CVE-2013-2848).

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation (CVE-2013-2849).

The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2855).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input (CVE-2013-2856).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images (CVE-2013-2857).

Use-after-free vulnerability in the HTML5 Audio implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2858).

Chromium before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors (CVE-2013-2859).

Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process (CVE-2013-2860).

Use-after-free vulnerability in the SVG implementation in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2013-2861).

Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (CVE-2013-2862).

Chromium before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors (CVE-2013-2863).

Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2013-2865).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2865
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
http://www.debian.org/security/2013/dsa-2695
http://www.debian.org/security/2013/dsa-2706
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-28.0.1500.45-1.mga2
chromium-browser-28.0.1500.45-1.mga2
chromium-browser-stable-28.0.1500.45-1.mga3
chromium-browser-28.0.1500.45-1.mga3

from SRPMS:
chromium-browser-stable-28.0.1500.45-1.mga2.src.rpm
chromium-browser-stable-28.0.1500.45-1.mga3.src.rpm
The only entry on securityfocus is for 2013-2849:
"Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI."
Testing mga3-64.
CC: (none) => wrw105
Tested general browsing, a few YouTube videos for the flash plugin, Sunspider for javascript (http://www.webkit.org/perf/sunspider/sunspider.html), javatester.org for java. There is no duckduckgo option in default search engines, which has me thinking we may be missing an opportunity there.
Whiteboard: MGA2TOO => MGA2TOO mga3-64-ok
Is it there if you create a new user and try chromium with that user, Bill?
Both creating a new user on the system and creating a new chromium user under my usual account show only google, yahoo and bing.
Thanks Bill, well spotted too. D Morgan, could you check please, many thanks.
Whiteboard: MGA2TOO mga3-64-ok => MGA2TOO has_procedure feedback mga3-64-ok
Testing OK on mga3 i586 (same tests as comment 12). @D Morgan: Shouldn't we update chromium-browser from tainted too?
CC: (none) => remi
Whiteboard: MGA2TOO has_procedure feedback mga3-64-ok => MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok
Testing OK MGA2-32. Duckduckgo is in the list for mga2-32. Now I'm slightly confused....
Whiteboard: MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok => MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK
Testing OK MGA2-64, but Rémi's question remains: what about chromium-browser from tainted repos in MGA3?
Whiteboard: MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK => MGA2TOO has_procedure feedback mga3-32-ok mga3-64-ok mga2-32-OK mga2-64-ok
Confirmed DDG is missing in search options for mga3.
Only options available are: Google, Yahoo, Bing, Ask Jeeves.
Also the update removes a require on libminizip1.
It's also missing in release version.
The chromium-browser-stable tainted build for Mageia 3 is now available.
Tested tainted build mga3-64 as above. General functionality, sunspider, flash, java all OK.
Testing complete Mageia 3 i586 for the tainted build.
Validating.
Please push from core/updates_testing to core/updates for mga2 and mga3 and tainted/updates_testing to tainted/updates for mga3.
Advisory and srpm list in comment 10.
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
http://svnweb.mageia.org/advisories/10353.adv?view=markup&sortby=date ready to be pushed.
CC: (none) => davidwhodgins
http://advisories.mageia.org/MGASA-2013-0194.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
The tainted copy for Mageia 3 has not yet been pushed to updates.
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
Tainted build pushed.
Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
CC: boklm => (none)