Bug 11935 - chromium-browser-stable new security issues fixed in 31.0.1650.63
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/576256/
Whiteboard: has_procedure advisory mga3-32-ok mga...
Keywords: validated_update
Reported: 2013-12-10 00:10 CET by David Walser
Modified: 2013-12-23 18:27 CET
Source RPM: chromium-browser-stable-31.0.1650.48-1.mga3.src.rpm

Description David Walser 2013-12-10 00:10:20 CET
Debian has issued an advisory on December 7:
http://www.debian.org/security/2013/dsa-2811

These issues are fixed in 31.0.1650.63 upstream:
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

We also missed a previous update that fixed one security issue:
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html

Debian fixed that one as part of their previous update:
http://www.debian.org/security/2013/dsa-2799

CVE-2013-6632 is the one we still need to fix, as I referenced here:
https://bugs.mageia.org/show_bug.cgi?id=11657#c12

Comment 1 David Walser 2013-12-22 04:13:30 CET
chromium-browser-stable-31.0.1650.63-1.mga4 uploaded for Cauldron.
Comment 2 David Walser 2013-12-22 06:39:29 CET
Updated packages uploaded for Mageia 3.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632).

Andrey Labunets discovered that the wrong URL was used during validation in
the one-click sign on helper (CVE-2013-6634).

cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM
editing commands (CVE-2013-6635).

Bas Venis discovered an address bar spoofing issue (CVE-2013-6636).

The chrome 31 development team discovered and fixed multiple issues with
potential security impact (CVE-2013-6637).

Jakob Kummerow of the Chromium project discovered a buffer overflow in the v8
javascript library (CVE-2013-6638).

Jakob Kummerow of the Chromium project discovered an out-of-bounds write in
the v8 javascript library (CVE-2013-6639).

Jakob Kummerow of the Chromium project discovered an out-of-bounds read in
the v8 javascript library (CVE-2013-6640).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2799
http://www.debian.org/security/2013/dsa-2811
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-31.0.1650.63-1.mga3
chromium-browser-31.0.1650.63-1.mga3

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-31.0.1650.63-1.mga3
chromium-browser-31.0.1650.63-1.mga3

from chromium-browser-stable-31.0.1650.63-1.mga3.src.rpm
Comment 3 claire robinson 2013-12-23 08:27:17 CET
2 srpms for this again.

chromium-browser-stable-31.0.1650.63-1.mga3.src.rpm
chromium-browser-stable-31.0.1650.63-1.mga3.tainted.src.rpm

If just the core srpm is pushed then the tainted is left in testing.
Comment 4 claire robinson 2013-12-23 09:15:36 CET
Testing complete mga3 32

Tested java, flash, https, addons, javascript
Core version plays mp3 through vlc plugin & tainted version plays it natively.

mp3: http://robtowns.com/music/blind_willie.mp3
Java: http://www.javatester.org/version.html
Javascript: http://www.webkit.org/perf/sunspider/sunspider.html
Flash: http://www.youtube.com/watch?v=5qr1YLO9fko
https: https://bugs.mageia.org/show_bug.cgi?id=11935
Comment 5 claire robinson 2013-12-23 10:41:10 CET
Testing complete mga3 64
Comment 6 claire robinson 2013-12-23 10:49:44 CET
Advisory uploaded. Validating.

Could sysadmin please push from 3 core & tainted/updates_testing to updates

Thanks!
Comment 7 Thomas Backlund 2013-12-23 18:27:06 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0383.html
