Arch Linux Security Advisory ASA-201707-4
=========================================

Severity: Critical
Date    : 2017-07-04
CVE-ID  : CVE-2017-5070 CVE-2017-5071 CVE-2017-5075 CVE-2017-5076
          CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5083
          CVE-2017-5088 CVE-2017-5089
Package : qt5-webengine
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-339

Summary
=======

The package qt5-webengine before version 5.9.1-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary command
execution, information disclosure and content spoofing.

Resolution
==========

Upgrade to 5.9.1-1.

# pacman -Syu "qt5-webengine>=5.9.1-1"

The problems have been fixed upstream in version 5.9.1.

Workaround
==========

None.

Description
===========

- CVE-2017-5070 (arbitrary code execution)

A type confusion flaw has been found in the V8 component of the
Chromium browser.

- CVE-2017-5071 (information disclosure)

An out of bounds read flaw has been found in the V8 component of the
Chromium browser.

- CVE-2017-5075 (information disclosure)

An information leak flaw has been found in the CSP reporting component
of the Chromium browser.

- CVE-2017-5076 (content spoofing)

An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.

- CVE-2017-5077 (arbitrary code execution)

A heap buffer overflow flaw was found in the Skia component of the
Chromium browser.

- CVE-2017-5078 (arbitrary command execution)

A possible command injection flaw has been found in the mailto handling
component of the Chromium browser.

- CVE-2017-5079 (content spoofing)

A UI spoofing flaw has been found in the Blink component of the
Chromium browser.

- CVE-2017-5083 (content spoofing)

A UI spoofing flaw has been found in the Blink component of the
Chromium browser.

- CVE-2017-5088 (information disclosure)

An out-of-bounds read vulnerability has been found in the V8 component
of the Chromium browser < 59.0.3071.104.

- CVE-2017-5089 (content spoofing)

A domain spoofing vulnerability has been found in the Omnibox component
of the Chromium browser < 59.0.3071.104.

Impact
======

A remote attacker can access sensitive information, spoof content and
execute arbitrary code and commands on the affected host.

References
==========

https://github.com/qt/qtwebengine/blob/5.9.1/dist/changes-5.9.1
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desk...
https://bugs.chromium.org/p/chromium/issues/detail?id=722756
https://bugs.chromium.org/p/chromium/issues/detail?id=715582
https://bugs.chromium.org/p/chromium/issues/detail?id=678776
https://bugs.chromium.org/p/chromium/issues/detail?id=719199
https://bugs.chromium.org/p/chromium/issues/detail?id=716311
https://bugs.chromium.org/p/chromium/issues/detail?id=711020
https://bugs.chromium.org/p/chromium/issues/detail?id=713686
https://bugs.chromium.org/p/chromium/issues/detail?id=714849
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desk...
https://bugs.chromium.org/p/chromium/issues/detail?id=729991
https://bugs.chromium.org/p/chromium/issues/detail?id=714196
https://security.archlinux.org/CVE-2017-5070
https://security.archlinux.org/CVE-2017-5071
https://security.archlinux.org/CVE-2017-5075
https://security.archlinux.org/CVE-2017-5076
https://security.archlinux.org/CVE-2017-5077
https://security.archlinux.org/CVE-2017-5078
https://security.archlinux.org/CVE-2017-5079
https://security.archlinux.org/CVE-2017-5083
https://security.archlinux.org/CVE-2017-5088
https://security.archlinux.org/CVE-2017-5089