Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2882 to
the following vulnerability:
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."
Created v8 tracking bugs for this issue:
Affects: fedora-all [bug 991127]
Affects: epel-6 [bug 991128]
v8 as shipped in Fedora is currently on version 3.14.5. We don't ship Chrome/Chromium; the version of v8 carried in Fedora is meant to support Node.JS development. Thus, we are rarely-if-ever on the latest version of the code.
Also, v8 does not provide API stability guarantees between minor versions, so it's highly non-trivial to upgrade to 3.18.x or later.
Can we get information from Google as to whether this vulnerability was present in the 3.14.x release series?
The relevant upstream commit seems to be:
Which on its face looks like it could go into v8 3.14 used by node stable, but I'd rather have bnoordhuis have a look first. (I don't pretend to know a great deal about v8 internals.)
I usually just punt these to the nodejs folks anyway since they have ears at the Googleplex mere mortals don't usually have access to. ;-)
Thanks for digging into that. It does look as though that is the correct commit. I suspect that backporting that commit to our current versions would be sufficient to resolve the flaw.
Please remember that what is remote DoS for Chromium is just a local DoS for node.js. There are a lot more interesting ways to DoS your machine with server-side JS. ;-)
v8-220.127.116.11-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
v8-18.104.22.168-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
v8-22.214.171.124-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
OpenStack 3 for RHEL 6
Via RHSA-2013:1201 https://rhn.redhat.com/errata/RHSA-2013-1201.html