[ASA-201712-6] qt5-webengine: multiple issues
Santiago Torres-Arias
santiago at archlinux.org
Thu Dec 14 00:06:26 UTC 2017
Arch Linux Security Advisory ASA-201712-6
=========================================
Severity: Critical
Date : 2017-12-13
CVE-ID : CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15390
CVE-2017-15392 CVE-2017-15394 CVE-2017-5124 CVE-2017-5126
CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5132
CVE-2017-5133
Package : qt5-webengine
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-545
Summary
=======
The package qt5-webengine before version 5.10.0-1 is vulnerable to
multiple issues including arbitrary code execution, cross-site
scripting, access restriction bypass, content spoofing and information
disclosure.
Resolution
==========
Upgrade to 5.10.0-1.
# pacman -Syu "qt5-webengine>=5.10.0-1"
The problems have been fixed upstream in version 5.10.0.
Workaround
==========
None.
Description
===========
- CVE-2017-15386 (content spoofing)
A UI spoofing issue has been found in the Blink component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15387 (access restriction bypass)
A content security bypass has been found in the Chromium browser <
62.0.3202.62.
- CVE-2017-15388 (information disclosure)
An out-of-bounds read has been found in the Skia component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15390 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15392 (access restriction bypass)
An incorrect registry key handling issue has been found in the
PlatformIntegration component of the Chromium browser < 62.0.3202.62.
- CVE-2017-15394 (content spoofing)
A URL spoofing flaw has been found in the extensions UI of the Chromium
browser < 62.0.3202.62.
- CVE-2017-5124 (cross-site scripting)
A universal XSS flaw has been found in the MHTML component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-5126 (arbitrary code execution)
A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.
- CVE-2017-5127 (arbitrary code execution)
A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.
- CVE-2017-5128 (arbitrary code execution)
A heap overflow security issue has been found in the WebGL component of
the Chromium browser < 62.0.3202.62.
- CVE-2017-5129 (arbitrary code execution)
A use-after-free security issue has been found in the WebAudio
component of the Chromium browser < 62.0.3202.62.
- CVE-2017-5132 (arbitrary code execution)
An incorrect stack manipulation security issue has been found in the
WebAssembly component of the Chromium browser < 62.0.3202.62.
- CVE-2017-5133 (arbitrary code execution)
An out-of-bounds write has been found in the Skia component of the
Chromium browser < 62.0.3202.62.
Impact
======
A remote attacker can bypass security measures, trick the user by
spoofing parts of the UI, cause a denial of service or execute
arbitrary code on the affected host.
References
==========
https://github.com/qt/qtwebengine/blob/5.10/dist/changes-5.10.0#L37
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
https://crbug.com/752003
https://crbug.com/756040
https://crbug.com/756563
https://crbug.com/750239
https://crbug.com/714401
https://crbug.com/745580
https://crbug.com/762930
https://crbug.com/760455
https://crbug.com/765384
https://crbug.com/765469
https://crbug.com/765495
https://crbug.com/718858
https://crbug.com/762106
https://security.archlinux.org/CVE-2017-15386
https://security.archlinux.org/CVE-2017-15387
https://security.archlinux.org/CVE-2017-15388
https://security.archlinux.org/CVE-2017-15390
https://security.archlinux.org/CVE-2017-15392
https://security.archlinux.org/CVE-2017-15394
https://security.archlinux.org/CVE-2017-5124
https://security.archlinux.org/CVE-2017-5126
https://security.archlinux.org/CVE-2017-5127
https://security.archlinux.org/CVE-2017-5128
https://security.archlinux.org/CVE-2017-5129
https://security.archlinux.org/CVE-2017-5132
https://security.archlinux.org/CVE-2017-5133
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20171213/e8c2d04c/attachment.asc>
More information about the arch-security
mailing list