Bug 991116 (CVE-2013-2882) - CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion
Summary: CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-2882
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 991127 991128 994830 994831 994833 994834 995301 999156 999157 1008792
Blocks: 991126 1000138
Reported: 2013-08-01 16:47 UTC by Vincent Danen
Modified: 2020-11-05 10:31 UTC

Fixed In Version: v8 3.18.5.12, v8 3.19.18.14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-11-08 01:56:29 UTC
Embargoed:


Links
System: Red Hat Product Errata
ID: RHSA-2013:1201
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Low: ruby193-v8 security update
Last Updated: 2013-09-04 00:27:38 UTC

Description Vincent Danen 2013-08-01 16:47:49 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2882 to
the following vulnerability:

Name: CVE-2013-2882
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2882
Assigned: 20130411
Reference: http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html
Reference: https://code.google.com/p/chromium/issues/detail?id=260106

Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."

Comment 2 Vincent Danen 2013-08-01 17:00:26 UTC
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 991127]
Affects: epel-6 [bug 991128]

Comment 3 Stephen Gallagher 2013-08-01 17:01:14 UTC
v8 as shipped in Fedora is currently on version 3.14.5. We don't ship Chrome/Chromium; the version of v8 carried in Fedora is meant to support Node.JS development. Thus, we are rarely-if-ever on the latest version of the code.

Also, v8 does not provide API stability guarantees between minor versions, so it is highly non-trivial to upgrade to 3.18.x or later.

Can we get information from Google as to whether this vulnerability was present in the 3.14.x release series?

Comment 4 T.C. Hollingsworth 2013-08-01 20:42:40 UTC
The relevant upstream commit seems to be:
https://github.com/v8/v8/commit/eea2c15ffe67908e944c1ece849186eaa3d67f3a

Which on its face looks like it could go into v8 3.14 used by node stable, but I'd rather have bnoordhuis have a look first.  (I don't pretend to know a great deal about v8 internals.)

I usually just punt these to the nodejs folks anyway since they have ears at the Googleplex mere mortals don't usually have access to.  ;-)

https://github.com/joyent/node/issues/5973

Comment 5 Vincent Danen 2013-08-02 16:26:55 UTC
Thanks for digging into that.  It does look as though that is the correct commit.  I suspect that backporting that commit to our current versions would be sufficient to resolve the flaw.

Comment 6 T.C. Hollingsworth 2013-08-02 20:51:25 UTC
Patch backported.

Please remember that what is remote DoS for Chromium is just a local DoS for node.js.  There are a lot more interesting ways to DoS your machine with server-side JS.  ;-)

Comment 9 Fedora Update System 2013-08-15 02:39:07 UTC
v8-3.14.5.10-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-08-15 03:02:37 UTC
v8-3.14.5.10-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-08-18 19:09:03 UTC
v8-3.14.5.10-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 errata-xmlrpc 2013-09-03 20:29:02 UTC
This issue has been addressed in the following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1201 https://rhn.redhat.com/errata/RHSA-2013-1201.html

