Mageia Bugzilla – Bug 11361
chromium-browser-stable new security issues fixed in 30.0.1599.66
Last modified: 2013-10-28 22:14:24 CET
Upstream has released version 30.0.1599.66 on October 1:
This fixes a handful of new security issues.
This is the current version in the stable channel:
Steps to Reproduce:
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Advisory is not available yet.
I don't know what it means or if it matters, but there was a file called chrome-remote-desktop.pak in the previous packages that is no longer available in this update.
That sounds like the browser addon..
It seems apps update automatically and silently now so it is probably nothing to worry about http://chrome.blogspot.co.uk/2013/09/a-new-breed-of-chrome-apps.html
Testing complete mga3 32 & 64
Usual browser tests, java, flash, addons, https, general browsing stuff.
Testing complete mga2 32
Testing complete mga2 64
Ready for validating.
Advisory 11361.adv uploaded. It will need to be updated with the description and any references before passing to sysadmins please.
Still need an advisory for this one please.
Debian still hasn't updated theirs, and the upstream blog post only lists some of the CVEs fixed, without any details. Do we want to push this and do the advisory later or just wait?
We usually treat browser updates as high priority, probably best to push with a temporary advisory and update it later.
Added the advisory as..
+ This updates chromium-browser to the latest stable version, fixing
+ multiple security vulnerabilities.
+ This advisory will be updated later when full details become available.
Could sysadmin please push to updates
Claire, please add a reference to the advisory:
OpenSuSE has issued an advisory for this on October 16:
Their advisory doesn't have any more details than the upstream one does.
There are supposed to be 50 security fixes, but only 19 CVEs are listed:
- Security fixes:
- CVE-2013-2906: Races in Web Audio
- CVE-2013-2907: Out of bounds read in Window.prototype object
- CVE-2013-2908: Address bar spoofing related to the "204 No Content"
- CVE-2013-2909: Use after free in inline-block rendering
- CVE-2013-2910: Use-after-free in Web Audio
- CVE-2013-2911: Use-after-free in XSLT
- CVE-2013-2912: Use-after-free in PPAPI
- CVE-2013-2913: Use-after-free in XML document parsing
- CVE-2013-2914: Use after free in the Windows color chooser dialog
- CVE-2013-2915: Address bar spoofing via a malformed scheme
- CVE-2013-2916: Address bar spoofing related to the "204 No Content"
- CVE-2013-2917: Out of bounds read in Web Audio
- CVE-2013-2918: Use-after-free in DOM
- CVE-2013-2919: Memory corruption in V8
- CVE-2013-2920: Out of bounds read in URL parsing
- CVE-2013-2921: Use-after-free in resource loader
- CVE-2013-2922: Use-after-free in template element
- CVE-2013-2923: Various fixes from internal audits, fuzzing and other
- CVE-2013-2924: Use-after-free in ICU. Upstream bug
There is also a tainted SRPM for this on mga3 which wasn't listed/added/pushed.
Added chromium-browser-stable-30.0.1599.66-1.mga3.tainted to advisory.
Could sysadmin please push it to updates.
hmm actually, I'm not seeing it in the repo. Was tainted built for this?
Removed tainted srpm from the advisory again, for now, as it seems to be missing from the mirrors so I'm unable to test it.
Checking svnweb, there was a change to this for 30 so it looks to be an issue and could need a rebuild. It appears it is actually intended to be present though, although not listed with the srpms.
I'm guessing it was forgotten at the time. I've just pushed it to the build system for Mageia 3 tainted/updates_testing.
Thanks David, removing mga3 whiteboard for now.
Note to testers: When it lands, this is just the tainted packages which were missed previously.
Chromium-browser-stable & chromium-browser from tainted updates testing. One should require the other, I don't recall which one is which.
It should be able to play mp3's
Advisory updated and cve list from comment 13 added.
See here for previous tainted testing:
Testing complete. Re-Validating.
Could sysadmin please push the missing chromium-browser-stable from 3 tainted updates testing to updates. Advisory was updated in comment 20.
Tainted build pushed.
The Debian advisory is finally available. It lists a few more CVEs (2925 through 2928):
(In reply to David Walser from comment #24)
> The Debian advisory is finally available. It lists a few more CVEs (2925
> through 2928):
Ahh, this would be because there's a newer version of Chromium fixing these:
And an even newer version fixing a regression:
Time for another update :o(