Bug 877768 - (CVE-2014-1740) VUL-0: CVE-2014-1740: google-chrome: websocket UAF
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: 13.2 Milestone 0
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Raymond Wooninck
Reported: 2014-05-14 13:26 UTC by Sebastian Krahmer
Modified: 2014-09-01 13:13 UTC (History)
Found By: Security Response Team
Description Sebastian Krahmer 2014-05-14 13:26:26 UTC
CVE-2014-1740

Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in
the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote
attackers to cause a denial of service or possibly have unspecified other impact
via vectors related to WebSocketJob deletion.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html
https://code.google.com/p/chromium/issues/detail?id=358038
https://src.chromium.org/viewvc/chrome?revision=261707&view=revision
Comment 1 Sebastian Krahmer 2014-05-14 13:28:12 UTC
Also CVE-2014-1742:

Use-after-free vulnerability in the FrameSelection::updateAppearance function in
core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before
34.0.1847.137, allows remote attackers to cause a denial of service or possibly
have unspecified other impact by leveraging improper RenderObject handling.
Comment 2 Swamp Workflow Management 2014-05-14 22:00:29 UTC
bugbot adjusting priority
Comment 3 Sebastian Krahmer 2014-05-21 14:20:58 UTC
Chrome 35 stable has been released, fixing even more CVEs.
Comment 4 Raymond Wooninck 2014-05-22 14:51:45 UTC
And Chromium 35 Stable was submitted to the maintenance track with MR#235119 and MR#235120
Comment 5 Marcus Meissner 2014-05-23 07:23:12 UTC
Can you please submit with all CVEs listed?
Comment 6 Raymond Wooninck 2014-05-23 10:48:19 UTC
If I had them, then they would have been listed. I added two more and that is all the information I have.
Comment 7 Sebastian Krahmer 2014-05-26 11:33:26 UTC
There seem to be some build errors:

https://build.opensuse.org/package/live_build_log/openSUSE:Maintenance:2843/chromium.openSUSE_12.3_Update/openSUSE_12.3_Update/x86_64 (and others)

And I don't have more CVE infos either.
Comment 8 Raymond Wooninck 2014-05-26 11:56:17 UTC
The build error is caused by the fact that ninja is too old for 12.3. Unfortunately we never had this issue before, as we used standard make, which no longer works due to an upstream bug. Therefore I switched to Ninja, but the available version is too old.

I could submit ninja from Factory (version 1.4.0), but I am not sure if this would be ok.

Please advise.
Comment 9 Sebastian Krahmer 2014-05-26 13:04:38 UTC
Ok, try to submit the ninja package from 13.1 please
Comment 10 Raymond Wooninck 2014-05-27 11:37:00 UTC
Ok. I submitted ninja from openSUSE:13.1 to 12.3 with MR#235531
Comment 12 Marcus Meissner 2014-09-01 13:13:03 UTC
released