Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

October 2018 Security Update #5764

Merged
merged 7 commits into from
Oct 9, 2018
Merged

October 2018 Security Update #5764

merged 7 commits into from
Oct 9, 2018

Conversation

thomasmo
Copy link
Contributor

@thomasmo thomasmo commented Oct 9, 2018

October 2018 Security Update that addresses the following issues in ChakraCore:
CVE-2018-8473
CVE-2018-8500
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513

paolosevMSFT and others added 7 commits October 8, 2018 11:26
@paolosevMSFT
[CVE-2018-8473] Edge - Chakra: Stack corruption in the presence of ne…
a278643 
…sted inlinees

In the presence of nested inlined functions, jitted code can bail out to the wrong function.
This fix disables the inline-args-optimization when it detects that the value of the functionObject symbol for an inlinee has changed between its InlineeStart and its InlineeEnd.
@sigatrev
[CVE-2018-8510] Edge - missing BytecodeUses for IsIn optimization lea…
9b36ce8 
…ds to type confusion
@rajatd
[CVE-2018-8503] Edge - RCE :Type Confusion Bug For Edge Bounty Progra…
062b4d9 
…m - Qihoo 360
@rajatd
[CVE-2018-8505] Edge - Chakra::TypeConfusion_8_16 JIT - Qihoo 360
08f11df
@rajatd
[CVE-2018-8511] Edge - UAF of LdFld instruction in GlobOpt::prePassIn…
f8aa306 
…strMap, freed by path dependent branch folding - Internal
@pleath
[CVE-2018-8500] RCE after cleanup of jitted entry points
cd84a0b
@pleath
[CVE-2018-8513] Type confusion after converting accessor property to …
8997c70 
…data
@dilijev dilijev mentioned this pull request Oct 9, 2018
Merged
rajatd
rajatd approved these changes Oct 9, 2018
View reviewed changes
Copy link
Contributor

@rajatd rajatd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@chakrabot chakrabot merged commit 8997c70 into chakra-core:release/1.10 Oct 9, 2018
chakrabot pushed a commit that referenced this pull request Oct 9, 2018
[MERGE #5764 @thomasmo] October 2018 Security Update
f40b55c 
Merge pull request #5764 from thomasmo:1810

October 2018 Security Update that addresses the following issues in ChakraCore:
CVE-2018-8473
CVE-2018-8500
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
chakrabot pushed a commit that referenced this pull request Oct 9, 2018
[1.10>1.11] [MERGE #5764 @thomasmo] October 2018 Security Update
bc9e381 
Merge pull request #5764 from thomasmo:1810

October 2018 Security Update that addresses the following issues in ChakraCore:
CVE-2018-8473
CVE-2018-8500
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
chakrabot pushed a commit that referenced this pull request Oct 10, 2018
[1.11>master] [1.10>1.11] [MERGE #5764 @thomasmo] October 2018 Securi…
090b258 
…ty Update

Merge pull request #5764 from thomasmo:1810

October 2018 Security Update that addresses the following issues in ChakraCore:
CVE-2018-8473
CVE-2018-8500
CVE-2018-8503
CVE-2018-8505
CVE-2018-8510
CVE-2018-8511
CVE-2018-8513
This was referenced Nov 29, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pleath pleath pleath approved these changes

@rajatd rajatd rajatd approved these changes

@sigatrev sigatrev sigatrev approved these changes

@paolosevMSFT paolosevMSFT Awaiting requested review from paolosevMSFT

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@thomasmo @sigatrev @rajatd @pleath @chakrabot @paolosevMSFT