Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 504890 (CVE-2014-1705) - <www-client/chromium-33.0.1750.152 : Multiple Vulnerabilities (CVE-2014-{1705,1713,1714,1715})
Summary: <www-client/chromium-33.0.1750.152 : Multiple Vulnerabilities (CVE-2014-{1705...
Status: RESOLVED FIXED
Alias: CVE-2014-1705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-17 13:57 UTC by Agostino Sarubbo
Modified: 2014-09-02 07:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-17 13:57:49 UTC
From ${URL} :

The Stable Channel has been updated to 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows.

Security Fixes and Rewards

Congratulations to VUPEN and an Anonymous submission for winning the Pwn2Own competition.
[$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.
[352374] High CVE-2014-1713: Use-after-free in Blink bindings
[352395] High CVE-2014-1714: Windows clipboard vulnerability
[$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.
[351787] High CVE-2014-1705: Memory corruption in V8
[352429] High CVE-2014-1715: Directory traversal issue

We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing 
additional changes and hardening measures for these vulnerabilities in the near future. We also believe 
that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical 
reports on both Pwn2Own submissions in the future.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2014-03-17 15:49:16 UTC
Working on the bump.
Comment 2 Mike Gilbert gentoo-dev 2014-03-17 22:36:24 UTC
Please stabilize on amd64 and x86.

=www-client/chromium-33.0.1750.152
Comment 3 Richard Freeman gentoo-dev 2014-03-18 01:27:14 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-03-18 16:38:45 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-03-20 11:36:24 UTC
Security: please add it to the existing draft or file a new one.
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-03-20 12:20:51 UTC
glsa request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-04-10 21:36:38 UTC
CVE-2014-1715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715):
  Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on
  OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact
  and attack vectors.

CVE-2014-1714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714):
  The ScopedClipboardWriter::WritePickledData function in
  ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before
  33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not
  verify a certain format value, which allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors
  related to the clipboard.

CVE-2014-1713 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713):
  Use-after-free vulnerability in the AttributeSetter function in
  bindings/templates/attributes.cpp in the bindings in Blink, as used in
  Google Chrome before 33.0.1750.152 on OS X and Linux and before
  33.0.1750.154 on Windows, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors involving the
  document.location value.

CVE-2014-1705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705):
  Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux
  and before 33.0.1750.154 on Windows, allows remote attackers to cause a
  denial of service (memory corruption) or possibly have unspecified other
  impact via unknown vectors.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-09-02 07:58:19 UTC
This issue was resolved and addressed in
 GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).