[Pkg-chromium-maint] Bug#740727: chromium: segfault when connecting to a TLS server with a weak DHE group

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 4 12:55:03 UTC 2014


Package: chromium
Version: 32.0.1700.123-2
Severity: important

https://demo.cmrg.net/ is a horribly-configured webserver offering
only discrete-log DHE key exchange with a trivially-crackable 16-bit
group.

chromium segfaults when visiting it for any reason:

0 dkg at alice:~$ chromium https://demo.cmrg.net
Segmentation fault
139 dkg at alice:~$ cat tmp/x.html 
<html>
<head>
<title>
crasher
</title>
</head>
<body>
<h1>crasher</h1>
<p>blah blah</p>
<img src="https://demo.cmrg.net/" />
</body>
</html>
0 dkg at alice:~$ chromium file://$(pwd)/tmp/x.html 
Segmentation fault
139 dkg at alice:~$ 

John Haxby originally reported this on the oss-security list against
Chrome, not chromium:

  http://www.openwall.com/lists/oss-security/2014/03/04/7

So I suspect this is an upstream issue, but the upstream bug tracker
wants me to "sign in to all of google", and I'd rather not. Feel free
to report this upstream, though.

Sorry I don't have a backtrace to offer here: I don't have 2.3GiB of
space available on this machine to install chromium-dbg.  I suspect
anyone who wants a backtrace should be able to get one from the above
replication steps.

  --dkg

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium depends on:
ii  chromium-inspector   32.0.1700.123-1
ii  gconf-service        3.2.6-1
ii  libasound2           1.0.27.2-3
ii  libatk1.0-0          2.10.0-2
ii  libc6                2.17-97
ii  libcairo2            1.12.16-2
ii  libcups2             1.7.1-5
ii  libdbus-1-3          1.8.0-1
ii  libexpat1            2.1.0-4
ii  libfontconfig1       2.11.0-2
ii  libfreetype6         2.5.2-1
ii  libgcc1              1:4.8.2-16
ii  libgconf-2-4         3.2.6-1
ii  libgcrypt11          1.5.3-3
ii  libgdk-pixbuf2.0-0   2.30.5-1
ii  libglib2.0-0         2.38.2-5
ii  libgnome-keyring0    3.4.1-1
ii  libgtk2.0-0          2.24.22-1
ii  libjpeg8             8d-2
ii  libnspr4             2:4.10.3-1
ii  libnss3              2:3.15.4-2
ii  libpango-1.0-0       1.36.0-1+b1
ii  libpangocairo-1.0-0  1.36.0-1+b1
ii  libspeechd2          0.7.1-6.3
ii  libspeex1            1.2~rc1.1-1
ii  libstdc++6           4.8.2-16
ii  libudev1             204-7
ii  libx11-6             2:1.6.2-1
ii  libxcomposite1       1:0.4.4-1
ii  libxdamage1          1:1.1.4-1
ii  libxext6             2:1.3.2-1
ii  libxfixes3           1:5.0.1-1
ii  libxi6               2:1.7.2-1
ii  libxml2              2.9.1+dfsg1-3
ii  libxrender1          1:0.9.8-1
ii  libxslt1.1           1.1.28-2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1
ii  xdg-utils            1.1.0~rc1+git20111210-7

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-l10n  <none>

-- debconf-show failed
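As an added example (not part of this bug report and not Chromium's or NSS's code): a small parser for the ServerDHParams block of a TLS 1.2 ServerKeyExchange (RFC 5246 section 7.4.3) that rejects a group as small as the 16-bit one this report describes instead of proceeding with it. The constructed sample message and the 2048-bit minimum are assumptions for the example, not values taken from the report.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy threshold for this example


def parse_server_dh_params(body: bytes):
    """Parse the ServerDHParams prefix of a ServerKeyExchange body.

    Layout: three length-prefixed (uint16) big-endian integers dh_p, dh_g, dh_Ys.
    Returns (p, g, ys, remaining_bytes); the remainder holds the signature
    for DHE_RSA/DHE_DSS suites and is not interpreted here.
    """
    fields = []
    offset = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad {name} length {length}")
        fields.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    p, g, ys = fields
    return p, g, ys, body[offset:]


def check_dh_group(p: int, g: int, ys: int, min_bits: int = MIN_DH_BITS):
    """Return (accepted, reason). Size is checked first, so a tiny group
    is refused before any arithmetic is attempted on it. A production
    client would additionally test that p is a (safe) prime."""
    if p.bit_length() < min_bits:
        return False, f"dh_p is only {p.bit_length()} bits (< {min_bits})"
    if p % 2 == 0:
        return False, "dh_p is even"
    if not 1 < g < p - 1:
        return False, "dh_g out of range"
    if not 1 < ys < p - 1:
        return False, "dh_Ys out of range"
    return True, "ok"


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams block; used to construct the sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample: a 16-bit group like the one the report describes.
WEAK_P = 0xFFF1  # 65521, the largest 16-bit prime
WEAK_SKE = encode_server_dh_params(WEAK_P, 2, 0x1234)


def evaluate(body: bytes):
    p, g, ys, _ = parse_server_dh_params(body)
    return check_dh_group(p, g, ys)
```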
