Bug 11049 - chromium-browser-stable new security issues fixed in 29.0.1547.57
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/564817/
Whiteboard: MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-6...
Keywords: validated_update
Reported: 2013-08-21 16:42 CEST by David Walser
Modified: 2014-05-08 18:06 CEST

Source RPM: chromium-browser-stable-28.0.1500.95-1.mga3.src.rpm

Description David Walser 2013-08-21 16:42:43 CEST
Upstream has released version 28.0.1500.95 on August 20:
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Comment 1 David Walser 2013-08-26 19:08:53 CEST
Debian has issued an advisory for this on August 25:
http://www.debian.org/security/2013/dsa-2741
Comment 2 David Walser 2013-09-06 13:22:05 CEST
The stable channel has been updated to 29.0.1547.65:
http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html

D Morgan uploaded 29.0.1547.72 to Cauldron, which is actually older:
http://src.chromium.org/viewvc/chrome/releases/

This should probably be reverted.
Comment 3 David Walser 2013-09-12 22:23:25 CEST
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Note: Mageia 3 includes a tainted build.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

The chrome 29 development team found various issues from internal fuzzing,
audits, and other studies (CVE-2013-2887).

Krystian Bigaj discovered a file handling path sanitization issue
(CVE-2013-2900).

Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native
Graphics Layer (CVE-2013-2901).

cloudfuzzer discovered a use-after-free issue in XSLT (CVE-2013-2902).

cloudfuzzer discovered a use-after-free issue in HTMLMediaElement
(CVE-2013-2903).

cloudfuzzer discovered a use-after-free issue in XML document parsing
(CVE-2013-2904).

Christian Jaeger discovered an information leak due to insufficient file
permissions (CVE-2013-2905).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2905
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html
http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2741
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-29.0.1547.65-1.mga2
chromium-browser-29.0.1547.65-1.mga2
chromium-browser-stable-29.0.1547.65-1.mga3
chromium-browser-29.0.1547.65-1.mga3

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-29.0.1547.65-1.mga3
chromium-browser-29.0.1547.65-1.mga3

from SRPMS:
chromium-browser-stable-29.0.1547.65-1.mga2.src.rpm
chromium-browser-stable-29.0.1547.65-1.mga3.src.rpm
Comment 4 Dave Hodgins 2013-09-12 22:52:01 CEST
Advisory 11049.adv committed to svn.
Comment 5 Dave Hodgins 2013-09-13 22:25:58 CEST
Added the srpm chromium-browser-stable-29.0.1547.65-1.mga3.tainted
to the advisory.

Testing complete Mageia 2 and 3, i586 and x86_64, including tainted
on Mageia 3.

Someone from the sysadmin team please push 11049.adv to updates.
Comment 6 Nicolas Vigier 2013-09-13 22:32:17 CEST
http://advisories.mageia.org/MGASA-2013-0278.html
