Bug 991116 - (CVE-2013-2882) CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20130730,repor...
Keywords: Security
Depends On: 991127 991128 994830 994831 994833 994834 995301 999156 999157 1008792
Blocks: 991126 1000138
Reported: 2013-08-01 12:47 EDT by Vincent Danen
Modified: 2016-04-27 01:43 EDT
Fixed In Version: v8 3.18.5.12, v8 3.19.18.14
Doc Type: Bug Fix
Last Closed: 2014-11-07 20:56:29 EST
Description Vincent Danen 2013-08-01 12:47:49 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2882 to
the following vulnerability:

Name: CVE-2013-2882
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2882
Assigned: 20130411
Reference: http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
Reference: https://code.google.com/p/chromium/issues/detail?id=260106

Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."
Comment 2 Vincent Danen 2013-08-01 13:00:26 EDT
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 991127]
Affects: epel-6 [bug 991128]
Comment 3 Stephen Gallagher 2013-08-01 13:01:14 EDT
v8 as shipped in Fedora is currently on version 3.14.5. We don't ship Chrome/Chromium; the version of v8 carried in Fedora is meant to support Node.JS development. Thus, we are rarely-if-ever on the latest version of the code.

Also, v8 does not provide API stability guarantees between minor versions, so it is highly non-trivial to upgrade to 3.18.x or later.

Can we get information from Google as to whether this vulnerability was present in the 3.14.x release series?
Comment 4 T.C. Hollingsworth 2013-08-01 16:42:40 EDT
The relevant upstream commit seems to be:
https://github.com/v8/v8/commit/eea2c15ffe67908e944c1ece849186eaa3d67f3a

Which on its face looks like it could go into v8 3.14 used by node stable, but I'd rather have bnoordhuis have a look first.  (I don't pretend to know a great deal about v8 internals.)

I usually just punt these to the nodejs folks anyway since they have ears at the Googleplex mere mortals don't usually have access to.  ;-)

https://github.com/joyent/node/issues/5973
Comment 5 Vincent Danen 2013-08-02 12:26:55 EDT
Thanks for digging into that.  It does look as though that is the correct commit.  I suspect that backporting that commit to our current versions would be sufficient to resolve the flaw.
Comment 6 T.C. Hollingsworth 2013-08-02 16:51:25 EDT
Patch backported.

Please remember that what is remote DoS for Chromium is just a local DoS for node.js.  There are a lot more interesting ways to DoS your machine with server-side JS.  ;-)
Comment 9 Fedora Update System 2013-08-14 22:39:07 EDT
v8-3.14.5.10-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-08-14 23:02:37 EDT
v8-3.14.5.10-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2013-08-18 15:09:03 EDT
v8-3.14.5.10-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 errata-xmlrpc 2013-09-03 16:29:02 EDT
This issue has been addressed in the following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1201 https://rhn.redhat.com/errata/RHSA-2013-1201.html
