Bug 11657 - chromium-browser-stable new security issues fixed in 31.0.1650.48
: chromium-browser-stable new security issues fixed in 31.0.1650.48
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/573814/
: MGA2TOO advisory has_procedure mga2-3...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-11-12 19:27 CET by David Walser
Modified: 2013-12-10 00:00 CET (History)
3 users (show)

See Also:
Source RPM: chromium-browser-stable-30.0.199.114-1.mga4.src.rpm
CVE:


Attachments

Description David Walser 2013-11-12 19:27:14 CET
Upstream has released version 31.0.1650.48 today (November 12):
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-11-13 00:11:15 CET
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.

I'll wait until another vendor posts an update for the full advisory, but some information about the security issues fixed is in the upstream blog post.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-31.0.1650.48-1.mga2
chromium-browser-31.0.1650.48-1.mga2
chromium-browser-stable-31.0.1650.48-1.mga3
chromium-browser-31.0.1650.48-1.mga3

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-31.0.1650.48-1.mga3
chromium-browser-31.0.1650.48-1.mga3

from SRPMS:
chromium-browser-stable-31.0.1650.48-1.mga2.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.src.rpm
Comment 2 claire robinson 2013-11-13 12:14:50 CET
David could you remember to list the tainted srpm for this one too please. It was forgotten about a couple of updates ago and not pushed.

chromium-browser-stable-31.0.1650.48-1.mga2.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.tainted.src.rpm
Comment 3 claire robinson 2013-11-13 12:34:40 CET
Testing complete mga2 32

https, Flash, browsing, java, javascript, html5, google account


See bug 11554 for previous update and testing ideas.

The tainted version in mga3 should enable it to play mp3.
Comment 4 Bill Wilkinson 2013-11-13 15:50:18 CET
Tested https, google account, java, javascript, browsing, flash in core and tainted for mga3-64, all ok.  mp3 plays in tainted verison.
Comment 5 Bill Wilkinson 2013-11-13 16:57:40 CET
tested mga3-32 as in comment 4, all OK in core and tainted, tainted plays mp3.
Comment 6 claire robinson 2013-11-13 18:26:13 CET
Testing complete mga2 64
Comment 7 claire robinson 2013-11-13 18:44:53 CET
Validating. Advisory uploaded with temporary description which will need to be updated when details become available.

+description: |
+  This updates chromium-browser-stable to the latest stable version fixing
+  multiple security vulnerbilities, details will be posted when available.


Could sysadmin please push from 2&3 core/updates_testing and
3 tainted/updates_testing to updates.

Thanks!
Comment 8 claire robinson 2013-11-13 18:45:25 CET
really validating..
Comment 9 David Walser 2013-11-13 19:40:01 CET
Preliminary advisory based on upstream blog post...

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Various fixes from internal audits, fuzzing and other initiatives
(CVE-2013-2931).

Use after free related to speech input elements (CVE-2013-6621).

Use after free related to media elements (CVE-2013-6622).

Out of bounds read in SVG (CVE-2013-6623).

Use after free related to “id” attribute strings (CVE-2013-6624).

Use after free in DOM ranges (CVE-2013-6625).

Address bar spoofing related to interstitial warnings (CVE-2013-6626).

Out of bounds read in HTTP parsing (CVE-2013-6627).

Issue with certificates not being checked during TLS renegotiation
(CVE-2013-6628).

libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding
images with missing SOS data for the luminance component (Y) in presence of
valid chroma data (Cr, Cb) (CVE-2013-6629).

libjpeg-turbo will use uninitialized memory when handling Huffman tables
(CVE-2013-6630).

Use after free in libjingle (CVE-2013-6631).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631
http://permalink.gmane.org/gmane.comp.security.full-disclosure/90919
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Comment 10 claire robinson 2013-11-13 19:50:21 CET
Added to svn, thanks.
Comment 11 Thomas Backlund 2013-11-13 20:12:34 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0324.html
Comment 12 David Walser 2013-11-18 21:15:31 CET
Debian has issued an advisory for this on November 16:
http://lists.debian.org/debian-security-announce/2013/msg00211.html

It lists one more CVE that our advisory missed (I wish I knew where they got it from), CVE-2013-6632.

"Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632)."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632

LWN reference for CVE-2013-6632:
http://lwn.net/Vulnerabilities/574199/
Comment 13 David Walser 2013-12-10 00:00:49 CET
Ahh, I didn't notice that Debian's update was to 31.0.1650.57, which fixes CVE-2013-6632:
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html

We'll need to issue another update (there's an even newer version with more security fixes).

Note You need to log in before you can comment on or make changes to this bug.