Bug 1086120 (CVE-2014-1729)

Summary: CVE-2014-1729 v8: multiple unspecified vulnerabilities fixed in Google Chrome 34.0.1847.116
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: abaron, aortega, apevec, ayoung, bdunne, bgollahe, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, dajohnso, dallan, dclarizi, dmcphers, drieden, gkotton, gmccullo, jdetiber, jfrey, jialiu, jkeck, jokerman, jomara, jorton, jprause, jrafanie, jvlcek, katello-bugs, kseifried, lhh, lmeyer, lpeer, markmc, mburns, mmaslano, mmccomas, mmccune, mmcgrath, obarenbo, rbryant, rhos-maint, sclewis, tcallawa, tchollingsworth, thrcka, tjay, tomckay, tomspur, vdanen, xlecauch, yeylon
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2014-09-04 13:12:05 UTC
Bug Depends On: 1086123, 1086124    
Bug Blocks: 1086126    

Description Murray McAllister 2014-04-10 07:20:02 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1729 to
the following vulnerability:

Name: CVE-2014-1729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1729
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=345820
Reference: https://code.google.com/p/chromium/issues/detail?id=347262
Reference: https://code.google.com/p/chromium/issues/detail?id=348319
Reference: https://code.google.com/p/chromium/issues/detail?id=350863
Reference: https://code.google.com/p/chromium/issues/detail?id=352982
Reference: https://code.google.com/p/chromium/issues/detail?id=355586
Reference: https://code.google.com/p/chromium/issues/detail?id=358059
Reference: https://code.google.com/p/v8/source/detail?r=19572
Reference: https://code.google.com/p/v8/source/detail?r=19584
Reference: https://code.google.com/p/v8/source/detail?r=19923
Reference: https://code.google.com/p/v8/source/detail?r=20033
Reference: https://code.google.com/p/v8/source/detail?r=20345
Reference: https://code.google.com/p/v8/source/detail?r=20409

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22,
as used in Google Chrome before 34.0.1847.116, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.

The impact is possibly moderate or low with the way v8 is used in Red Hat products and Fedora. Investigation ongoing.

Comment 1 Murray McAllister 2014-04-10 07:23:38 UTC
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1086123]
Affects: epel-6 [bug 1086124]

Comment 3 Tomas Hoger 2014-09-04 13:12:05 UTC
(In reply to Tomas Hoger from comment #2)
> https://code.google.com/p/chromium/issues/detail?id=350863
> https://code.google.com/p/v8/source/detail?r=19923
> 
> Private bug report.  This is a follow-up fix for one of the issues under
> CVE-2013-6668 / bug 1074737.

This issue is not reproducible with v8 3.14.  The Hydrogen CFG generated by 3.24/3.25 where this issue was corrected is significantly different from the 3.14 output.  3.14 does not seem affected by this issue.