February 2019 Security Update #5936
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
…onfusion - 360Vulcan
…n a split scope (a function has both a param and body scope), then it is required that the body and param scope are marked as both requiring either a scope object or a scope slot. This was not being enforced in Scope::SetIsObject(). This led to an AV in the interpreter when accessing a property because StLocalSlot was used instead of StLocalObjSlot.
…romise result I also added mitigations for bad things that can happen when calling into a closed script context. 1. We delete xdata before unregistering it, which can lead to UAF if we call address of a closed function. Windows Exception code unconditionally jumps to handler address (i.e. without CFG check), so this can bypass CFG. I changed to delete after unregistering. 2. We zero code pages when we close script context, which could be exploitable on x86. I changed to fill with debugbreak.
meg-gupta approved these changes Feb 12, 2019
pleath approved these changes Feb 12, 2019
MikeHolman force-pushed the servicing/1902_1_11 branch from 3e2bfd5 to 8ffd310 Compare 
wyrichte approved these changes Feb 12, 2019
Contributor Author
| Failures all seem infra related. I'm going to merge despite them to get release going. |
MikeHolman force-pushed the servicing/1902_1_11 branch from 8ffd310 to a54c9cb Compare 
chakrabot pushed a commit that referenced this pull request Feb 12, 2019
Merge pull request #5936 from MikeHolman:servicing/1902_1_11 February 2019 Security Update that addresses the following issues in ChakraCore: CVE-2019-0590 CVE-2019-0591 CVE-2019-0593 CVE-2019-0605 CVE-2019-0607 CVE-2019-0610 CVE-2019-0640 CVE-2019-0642 CVE-2019-0644 CVE-2019-0648 CVE-2019-0649 CVE-2019-0651 CVE-2019-0655 CVE-2019-0658
chakrabot pushed a commit that referenced this pull request Feb 12, 2019
Merge pull request #5936 from MikeHolman:servicing/1902_1_11 February 2019 Security Update that addresses the following issues in ChakraCore: CVE-2019-0590 CVE-2019-0591 CVE-2019-0593 CVE-2019-0605 CVE-2019-0607 CVE-2019-0610 CVE-2019-0640 CVE-2019-0642 CVE-2019-0644 CVE-2019-0648 CVE-2019-0649 CVE-2019-0651 CVE-2019-0655 CVE-2019-0658
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
February 2019 Security Update that addresses the following issues in ChakraCore:
CVE-2019-0590
CVE-2019-0591
CVE-2019-0593
CVE-2019-0605
CVE-2019-0607
CVE-2019-0610
CVE-2019-0640
CVE-2019-0642
CVE-2019-0644
CVE-2019-0648
CVE-2019-0649
CVE-2019-0651
CVE-2019-0655
CVE-2019-0658