Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1086116 - (CVE-2014-1721) CVE-2014-1721 v8: memory corruption issue fixed in Google Chrome 34.0.1847.116
CVE-2014-1721 v8: memory corruption issue fixed in Google Chrome 34.0.1847.116
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140312,repor...
: Security
Depends On: 1086118 1086119
Blocks: 1086126
  Show dependency treegraph
 
Reported: 2014-04-10 03:13 EDT by Murray McAllister
Modified: 2016-04-26 12:22 EDT (History)
54 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-09-04 10:03:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Murray McAllister 2014-04-10 03:13:46 EDT 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1721 to
the following vulnerability:

Name: CVE-2014-1721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1721
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=350434
Reference: https://code.google.com/p/v8/source/detail?r=19834

Google V8, as used in Google Chrome before 34.0.1847.116, does not
properly implement lazy deoptimization, which allows remote attackers
to cause a denial of service (memory corruption) or possibly have
unspecified other impact via crafted JavaScript code, as demonstrated
by improper handling of a heap allocation of a number outside the
Small Integer (aka smi) range.

This is possibly impact moderate or low with the way v8 is used in Red Hat products and Fedora. Investigation ongoing.
Comment 1 Murray McAllister 2014-04-10 03:16:50 EDT 
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1086118]
Affects: epel-6 [bug 1086119]
Comment 2 Tomas Hoger 2014-06-16 10:18:17 EDT 
Most of the patch is applicable to v8 3.14.  However, the test case form upstream commit does not reproduce any issue with 3.14.  It requires removal of %SetAllocationTimeout which is not supported in that version.  It does not seem such change should break the test.
Comment 3 Tomas Hoger 2014-09-04 10:03:43 EDT 
Not reproducible with the other test case from the other bug:

https://code.google.com/p/chromium/issues/detail?id=350434#c12

Assuming this is not needed for 3.14.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.