Bug 14258 - chromium-browser-stable new security issues fixed in 38.0.2125.101
Summary: chromium-browser-stable new security issues fixed in 38.0.2125.101
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/616162/
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-10-09 18:23 CEST by David Walser
Modified: 2014-11-18 23:41 CET

See Also:
Source RPM: chromium-browser-stable-37.0.2062.120-1.mga4.src.rpm
CVE:
Status comment:



Description David Walser 2014-10-09 18:23:46 CEST
Upstream has released version 38.0.2125.101 on October 7:
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

David Walser 2014-10-09 18:23:53 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-10-14 23:31:20 CEST
RedHat has issued an advisory for this today (October 14):
https://rhn.redhat.com/errata/RHSA-2014-1626.html

Since when does RedHat have a chromium-browser package!?

URL: (none) => http://lwn.net/Vulnerabilities/616162/

Comment 2 David Walser 2014-10-15 16:55:45 CEST
Upstream has released version 38.0.2125.104 on October 14:
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html

It has additional bugfixes.
Comment 3 David Walser 2014-10-16 13:06:02 CEST
It's checked into SVN.  This is the build failure in Cauldron:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20141016090817.ennael.valstar.21030/log/chromium-browser-stable-38.0.2125.104-1.mga5/build.0.20141016093308.log

CC: (none) => pterjan

Comment 4 Christiaan Welvaart 2014-10-19 00:26:54 CEST
AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you tried building without gn?

CC: (none) => cjw

Comment 5 David Walser 2014-10-19 02:06:17 CEST
(In reply to Christiaan Welvaart from comment #4)
> AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you
> tried building without gn?

No, I've checked that into SVN.  I'll try it when the mass rebuild finishes.
Comment 7 David Walser 2014-10-21 14:14:40 CEST
For Mageia 4, it's built in core/updates_testing.

Pascal, the build system is broken and won't allow the tainted build for Mageia 4 to be submitted.

Submission errors, aborting:
- chromium-browser-stable-38.0.2125.104-1.mga4:
 - Current or newer revision(s) already exists in core/updates_testing for 4: 38.0.2125.104-1.mga4
Comment 8 Christiaan Welvaart 2014-10-21 15:16:30 CEST
mga3 failure: maybe that version of gcc does not understand the C++11 'alignas(n)' (at that place). See mojo/public/c/system/macros.h - *if* this is the problem there is support for GCC's alignment attribute that should be enabled. Is compiling without -std=c++11 an option? Either that or patch the header file.
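
The fallback suggested in comment 8, as an added example that is not part of the thread or of the Chromium header: pick the GNU alignment attribute when the compiler predates the `alignas` keyword (it arrived in GCC 4.8). The macro names and the struct are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* EXAMPLE_ALIGNAS is a hypothetical name for this sketch; it is not the
 * macro defined in mojo/public/c/system/macros.h. */
#if defined(__GNUC__) && !defined(__clang__) && \
    (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8))
/* GCC before 4.8 has no alignas keyword: use the GNU attribute. */
#  define EXAMPLE_ALIGNAS(n) __attribute__((aligned(n)))
#elif defined(__cplusplus) && __cplusplus >= 201103L
#  define EXAMPLE_ALIGNAS(n) alignas(n)
#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#  define EXAMPLE_ALIGNAS(n) _Alignas(n)
#elif defined(__GNUC__)
#  define EXAMPLE_ALIGNAS(n) __attribute__((aligned(n)))
#else
#  error "no alignment specifier available for this compiler"
#endif

/* Pre-C11 compile-time check: the array size is negative when cond is false. */
#define EXAMPLE_STATIC_ASSERT(cond, name) \
    typedef char example_assert_##name[(cond) ? 1 : -1]

/* Constructed struct. A plain uint64_t member is only 4-byte aligned inside
 * a struct on i586, so the explicit request keeps one layout on 32- and
 * 64-bit builds. */
struct example_message {
    uint32_t num_bytes;
    EXAMPLE_ALIGNAS(8) uint64_t payload;
};

/* The build fails here if the selected specifier did not take effect. */
EXAMPLE_STATIC_ASSERT(offsetof(struct example_message, payload) == 8,
                      payload_offset);
EXAMPLE_STATIC_ASSERT(sizeof(struct example_message) == 16, message_size);

size_t example_payload_offset(void)
{
    return offsetof(struct example_message, payload);
}

size_t example_message_size(void)
{
    return sizeof(struct example_message);
}
```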
Comment 9 David Walser 2014-10-21 15:19:06 CEST
You're probably right.  Patches are welcome.
Comment 10 Pascal Terjan 2014-10-22 01:23:00 CEST
Strange, it accepted the tainted build here:

[pterjan@chopin-cauldron-64 chromium-browser-stable]$ mgarepo submit --define section=tainted/updates_testing
Submitting chromium-browser-stable at revision 791948
URL: svn+ssh://svn.mageia.org/svn/packages/updates/4/chromium-browser-stable
Implicit target: 4
Package submitted!
Comment 11 David Walser 2014-10-25 19:13:13 CEST
Thanks for your help Christiaan!

Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium (CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,
CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3199, CVE-2014-3200).

Several information leak flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Chromium
to disclose potentially sensitive information (CVE-2014-3195,
CVE-2014-3197, CVE-2014-3198).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3200
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html
https://rhn.redhat.com/errata/RHSA-2014-1626.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-38.0.2125.104-1.mga3
chromium-browser-38.0.2125.104-1.mga3
chromium-browser-stable-38.0.2125.104-1.mga4
chromium-browser-38.0.2125.104-1.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-38.0.2125.104-1.mga3
chromium-browser-38.0.2125.104-1.mga3
chromium-browser-stable-38.0.2125.104-1.mga4
chromium-browser-38.0.2125.104-1.mga4

from SRPMS:
chromium-browser-stable-38.0.2125.104-1.mga3.src.rpm
chromium-browser-stable-38.0.2125.104-1.mga4.src.rpm

Assignee: bugsquad => qa-bugs

Comment 12 Otto Leipälä 2014-10-26 07:21:52 CET
I will start testing it today. This time I don't want to hear anybody complain that Java or Flash are not working with Chromium!

CC: (none) => ozkyster

Comment 13 Otto Leipälä 2014-10-26 12:02:23 CET
Testing done on Mga4 & 3, 64 & 32, core/tainted builds; not a single crash or problem found. I will validate it.
Sysadmin please push this to updates.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK

Comment 14 James Kerr 2014-10-26 13:14:43 CET
I think that this needs a QA team member with SVN access to upload the advisory before it can be pushed to updates.
Comment 15 Otto Leipälä 2014-10-26 13:19:50 CET
This is not any new thing that all of QA team testers have access to SVN to upload advisories; Rémi or Claire normally do those advisories.
Comment 16 Rémi Verschelde 2014-10-26 15:49:16 CET
Advisory uploaded.

Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK advisory

Comment 17 Mageia Robot 2014-10-28 12:34:13 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0428.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 18 David Walser 2014-11-17 22:41:50 CET
The tainted packages never got pushed for this update and are still in tainted/updates_testing.  Sysadmins, please push them.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 19 Mageia Robot 2014-11-18 23:35:48 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0428.html

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

Comment 20 Pascal Terjan 2014-11-18 23:41:02 CET
For the record, the problem was http://svnweb.mageia.org/advisories/14258.adv?r1=2177&r2=2176&pathrev=2177
