[Bug 877768] New: VUL-0: CVE-2014-1740: google-chrome: websocket UAF
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c0 Summary: VUL-0: CVE-2014-1740: google-chrome: websocket UAF Classification: openSUSE Product: openSUSE Factory Version: 13.2 Milestone 0 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: tittiatcoke@gmail.com ReportedBy: krahmer@suse.com QAContact: qa-bugs@suse.de CC: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2014-1740 Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740 http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=358038 https://src.chromium.org/viewvc/chrome?revision=261707&view=revision -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2014-1740 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c1 --- Comment #1 from Sebastian Krahmer <krahmer@suse.com> 2014-05-14 13:28:12 UTC --- Also CVE-2014-1742: Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c2 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium --- Comment #2 from Swamp Workflow Management <swamp@suse.de> 2014-05-14 22:00:29 UTC --- bugbot adjusting priority -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c3 --- Comment #3 from Sebastian Krahmer <krahmer@suse.com> 2014-05-21 14:20:58 UTC --- Chrome 35 stable has been released, fixing even more CVE's. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c4 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |krahmer@suse.com --- Comment #4 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-05-22 14:51:45 UTC --- And Chromium 35 Stable was submitted to the maintenance track with MR#235119 and MR#235120 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c5 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |meissner@suse.com InfoProvider|krahmer@suse.com | --- Comment #5 from Marcus Meissner <meissner@suse.com> 2014-05-23 07:23:12 UTC --- can you please submit with all CVEs listed? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c6 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |krahmer@suse.com --- Comment #6 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-05-23 10:48:19 UTC --- If I had them, then they would have been listed. I added two more and that is all the information I have. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c7 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|krahmer@suse.com | --- Comment #7 from Sebastian Krahmer <krahmer@suse.com> 2014-05-26 11:33:26 UTC --- There seem to be some build errors: https://build.opensuse.org/package/live_build_log/openSUSE:Maintenance:2843/... (and others) And I dont have more CVE infos either. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c8 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |krahmer@suse.com --- Comment #8 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-05-26 11:56:17 UTC --- The build error is caused by the fact that ninja is too old for 12.3. Unfortunately we never had this issue before as that we used standard make, which no longer works due to an upstream bug. Therefore I switched to Ninja, but the available version is too old. I could submit ninja from Factory (version 1.4.0), but I am not sure if this would be ok. Please advice. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c9 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|krahmer@suse.com | --- Comment #9 from Sebastian Krahmer <krahmer@suse.com> 2014-05-26 13:04:38 UTC --- Ok, try to submit the ninja package from 13.1 please -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c10 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |krahmer@suse.com --- Comment #10 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-05-27 11:37:00 UTC --- Ok. I submitted ninja from openSUSE:13.1 to 12.3 with MR#235531 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=877768 https://bugzilla.novell.com/show_bug.cgi?id=877768#c12 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #12 from Marcus Meissner <meissner@suse.com> 2014-09-01 13:13:03 UTC --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com