Bug 991116 (CVE-2013-2882)
| Summary: | CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, dmcphers, gkotton, iheim, jdetiber, jialiu, jkeck, jokerman, jomara, jorton, katello-bugs, kseifried, lhh, lmeyer, markmc, mmaslano, mmccomas, mmccune, mmcgrath, msuchy, rbryant, rhos-maint, sclewis, sgallagh, tcallawa, tchollingsworth, thrcka, tjay, tomckay, tomspur, yeylon |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | v8 3.18.5.12, v8 3.19.18.14 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-08 01:56:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 991127, 991128, 994830, 994831, 994833, 994834, 995301, 999156, 999157, 1008792 | ||
| Bug Blocks: | 991126, 1000138 | ||
|
Description
Vincent Danen
2013-08-01 16:47:49 UTC
Created v8 tracking bugs for this issue: Affects: fedora-all [bug 991127] Affects: epel-6 [bug 991128] v8 as shipped in Fedora is currently on version 3.14.5. We don't ship Chrome/Chromium; the version of v8 carried in Fedora is meant to support Node.JS development. Thus, we are rarely-if-ever on the latest version of the code. Also, v8 does not provide API stability guarantees between minor versions, so it's is highly non-trivial to upgrade to 3.18.x or later. Can we get information from Google as to whether this vulnerability was present in the 3.14.x release series? The relevant upstream commit seems to be: https://github.com/v8/v8/commit/eea2c15ffe67908e944c1ece849186eaa3d67f3a Which on its face looks like it could go into v8 3.14 used by node stable, but I'd rather have bnoordhuis have a look first. (I don't pretend to know a great deal about v8 internals.) I usually just punt these to the nodejs folks anyway since they have ears at the Googleplex mere mortals don't usually have access to. ;-) https://github.com/joyent/node/issues/5973 Thanks for digging into that. It does look as though that is the correct commit. I suspect that backporting that commit to our current versions would be sufficient to resolve the flaw. Patch backported. Please remember that what is remote DoS for Chromium is just a local DoS for node.js. There are a lot more interesting ways to DoS your machine with server-side JS. ;-) v8-3.14.5.10-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. v8-3.14.5.10-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. v8-3.14.5.10-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2013:1201 https://rhn.redhat.com/errata/RHSA-2013-1201.html |