Bug 12885 - chromium-browser-stable new security issues fixed in 33.0.1750.117
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/588859/
Whiteboard: MGA3TOO mga4-32-ok mga3-32-ok mga4-64...
Keywords: validated_update
Reported: 2014-02-26 19:16 CET by David Walser
Modified: 2014-03-02 00:12 CET
Source RPM: chromium-browser-stable-32.0.1700.102-1.mga4.src.rpm

Description David Walser 2014-02-26 19:16:48 CET
Upstream has released version 33.0.1750.177 on February 20:
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

David Walser 2014-02-26 19:17:00 CET

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 David Walser 2014-02-26 23:10:51 CET
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Use-after-free related to web contents (CVE-2013-6653).

Bad cast in SVG (CVE-2013-6654).

Use-after-free in layout (CVE-2013-6655).

Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657).

Use-after-free in layout (CVE-2013-6658).

Issue with certificates validation in TLS handshake (CVE-2013-6659).

Information leak in drag and drop (CVE-2013-6660).

Various fixes from internal audits, fuzzing and other initiatives. Of these,
seven are fixes for issues that could have allowed for sandbox escapes from
compromised renderers (CVE-2013-6661).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-33.0.1750.117-1.mga3
chromium-browser-33.0.1750.117-1.mga3
chromium-browser-stable-33.0.1750.117-1.mga4
chromium-browser-33.0.1750.117-1.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-33.0.1750.117-1.mga3
chromium-browser-33.0.1750.117-1.mga3
chromium-browser-stable-33.0.1750.117-1.mga4
chromium-browser-33.0.1750.117-1.mga4

from SRPMS:
chromium-browser-stable-33.0.1750.117-1.mga3.src.rpm
chromium-browser-stable-33.0.1750.117-1.mga4.src.rpm

URL: (none) => qa-bugs@ml.mageia.org
Version: Cauldron => 4
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Severity: normal => critical

Comment 2 David Walser 2014-02-26 23:14:09 CET
Oops, QA is not a URL.

Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Use-after-free related to web contents (CVE-2013-6653).

Bad cast in SVG (CVE-2013-6654).

Use-after-free in layout (CVE-2013-6655).

Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657).

Use-after-free in layout (CVE-2013-6658).

Issue with certificates validation in TLS handshake (CVE-2013-6659).

Information leak in drag and drop (CVE-2013-6660).

Various fixes from internal audits, fuzzing and other initiatives. Of these,
seven are fixes for issues that could have allowed for sandbox escapes from
compromised renderers (CVE-2013-6661).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-33.0.1750.117-1.mga3
chromium-browser-33.0.1750.117-1.mga3
chromium-browser-stable-33.0.1750.117-1.mga4
chromium-browser-33.0.1750.117-1.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-33.0.1750.117-1.mga3
chromium-browser-33.0.1750.117-1.mga3
chromium-browser-stable-33.0.1750.117-1.mga4
chromium-browser-33.0.1750.117-1.mga4

from SRPMS:
chromium-browser-stable-33.0.1750.117-1.mga3.src.rpm
chromium-browser-stable-33.0.1750.117-1.mga4.src.rpm

URL: qa-bugs@ml.mageia.org => (none)
Assignee: bugsquad => qa-bugs

Comment 3 Bill Wilkinson 2014-02-27 00:49:56 CET
No PoC on Securityfocus.

Testing mga4-32

CC: (none) => wrw105

Comment 4 Bill Wilkinson 2014-02-27 01:51:22 CET
Did the usual browser tests: sunspider, javatester, general browsing, youtube for flash, mp3 at https://archive.org/details/testmp3testfile
for the tainted build, all OK.

Whiteboard: MGA3TOO => MGA3TOO mga4-32-ok

Comment 5 Bill Wilkinson 2014-02-27 02:55:15 CET
Tested mga3-32 as above, all OK.

Whiteboard: MGA3TOO mga4-32-ok => MGA3TOO mga4-32-ok mga3-32-ok

Comment 6 Bill Wilkinson 2014-02-27 03:24:37 CET
Tested mga4-64 as above, all OK.

Whiteboard: MGA3TOO mga4-32-ok mga3-32-ok => MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok

Comment 7 Bill Wilkinson 2014-02-27 04:28:06 CET
Tested mga3-64 as above, all OK.

Update just needs advisory uploaded to svn to validate.

Whiteboard: MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok => MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok mga3-64-ok

Comment 8 William Kenney 2014-02-27 04:50:48 CET
In Whiteboard: MGA3-64-OK

In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
 chromium-browser-stable

default install of chromium

[root@localhost wilcal]# urpmi chromium-browser-stable
Package chromium-browser-stable-32.0.1700.102-1.mga3.tainted.x86_64 is already installed

Successfully plays flash videos, cnn.com, successfully passes:
http://www.webstandards.org/files/acid2/test.html#top
http://acid3.acidtests.org/

install chromium-browser-stable from updates_testing

[root@localhost wilcal]# urpmi chromium-browser-stable
Package chromium-browser-stable-33.0.1750.117-1.mga3.tainted.x86_64 is already installed

Successfully plays flash videos, cnn.com, successfully passes:
http://www.webstandards.org/files/acid2/test.html#top
http://acid3.acidtests.org/

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

CC: (none) => wilcal.int

Comment 9 William Kenney 2014-02-27 04:51:19 CET
I think we can go ahead and push this one.

Comment 10 claire robinson 2014-02-27 08:09:29 CET
Thanks guys. Validating.

Added the missing tainted srpms to the advisory again.

  3:
   core:
     - chromium-browser-stable-33.0.1750.117-1.mga3
   tainted:
     - chromium-browser-stable-33.0.1750.117-1.mga3.tainted
  4:
   core:
     - chromium-browser-stable-33.0.1750.117-1.mga4
   tainted:
     - chromium-browser-stable-33.0.1750.117-1.mga4.tainted


Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 Thomas Backlund 2014-02-27 23:15:35 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0107.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2014-03-02 00:12:28 CET

URL: (none) => http://lwn.net/Vulnerabilities/588859/

