[arch-security] [ASA-201702-2] qt5-webengine: multiple issues

Remi Gacogne rgacogne at archlinux.org
Thu Feb 2 20:39:22 UTC 2017


Arch Linux Security Advisory ASA-201702-2
=========================================

Severity: High
Date    : 2017-02-02
CVE-ID  : CVE-2016-5182 CVE-2016-5183 CVE-2016-5189 CVE-2016-5199
          CVE-2016-5201 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205
          CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5210
          CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
          CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218
          CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223
          CVE-2016-5224 CVE-2016-5225 CVE-2016-9650 CVE-2016-9651
Package : qt5-webengine
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-162

Summary
=======

The package qt5-webengine before version 5.8.0-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, arbitrary filesystem access, cross-site scripting, same-
origin policy bypass, content spoofing, information disclosure and
insufficient validation.

Resolution
==========

Upgrade to 5.8.0-1.

# pacman -Syu "qt5-webengine>=5.8.0-1"

The problems have been fixed upstream in version 5.8.0.

Workaround
==========

None.

Description
===========

- CVE-2016-5182 (arbitrary code execution)

A heap overflow flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5183 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5189 (content spoofing)

An URL spoofing flaw was found in the Chromium browser.

- CVE-2016-5199 (arbitrary code execution)

FFMPEG MP4 decoder contains an off-by-one error resulting in an
allocation of size 0, followed by corrupting an arbitrary number of
pointers out of bounds on the heap, where each is pointing to
controllable or uninitialized data. A remote attacker can potentially
use this flaw to exploit heap corruption via a crafted video file.

- CVE-2016-5201 (information disclosure)

An information disclosure flaw was found in the extensions component of
the Chromium browser before 54.0.2840.100.

- CVE-2016-5203 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5204 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5205 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5206 (same-origin policy bypass)

A same-origin bypass flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5207 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5208 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5210 (arbitrary code execution)

An out of bounds write flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5211 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5212 (arbitrary filesystem access)

A local file disclosure flaw was found in the DevTools component of the
Chromium browser.

- CVE-2016-5213 (arbitrary code execution)

An use after free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5214 (insufficient validation)

A file download protection bypass was discovered in the Chromium
browser.

- CVE-2016-5215 (arbitrary code execution)

An use after free flaw was found in the Webaudio component of the
Chromium browser.

- CVE-2016-5216 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5217 (insufficient validation)

An use of unvalidated data flaw was found in the PDFium component of
the Chromium browser.

- CVE-2016-5218 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5219 (arbitrary code execution)

An use after free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5221 (arbitrary code execution)

An integer overflow flaw was found in the ANGLE component of the
Chromium browser.

- CVE-2016-5222 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5223 (arbitrary code execution)

An integer overflow flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5224 (same-origin policy bypass)

A same-origin bypass flaw was found in the SVG component of the
Chromium browser.

- CVE-2016-5225 (access restriction bypass)

A CSP bypass flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-9650 (information disclosure)

A CSP referrer disclosure vulnerability has been discovered in the
Chromium browser.

- CVE-2016-9651 (access restriction bypass)

A private property access flaw was found in the V8 component of the
Chromium browser.

Impact
======

A remote attacker might be able to bypass access restrictions, access
sensitive information or files, and execute arbitrary code on the
affected host.

References
==========

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0
https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://bugs.chromium.org/p/chromium/issues/detail?id=643948
https://bugs.chromium.org/p/chromium/issues/detail?id=660678
https://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html
https://security.archlinux.org/CVE-2016-5182
https://security.archlinux.org/CVE-2016-5183
https://security.archlinux.org/CVE-2016-5189
https://security.archlinux.org/CVE-2016-5199
https://security.archlinux.org/CVE-2016-5201
https://security.archlinux.org/CVE-2016-5203
https://security.archlinux.org/CVE-2016-5204
https://security.archlinux.org/CVE-2016-5205
https://security.archlinux.org/CVE-2016-5206
https://security.archlinux.org/CVE-2016-5207
https://security.archlinux.org/CVE-2016-5208
https://security.archlinux.org/CVE-2016-5210
https://security.archlinux.org/CVE-2016-5211
https://security.archlinux.org/CVE-2016-5212
https://security.archlinux.org/CVE-2016-5213
https://security.archlinux.org/CVE-2016-5214
https://security.archlinux.org/CVE-2016-5215
https://security.archlinux.org/CVE-2016-5216
https://security.archlinux.org/CVE-2016-5217
https://security.archlinux.org/CVE-2016-5218
https://security.archlinux.org/CVE-2016-5219
https://security.archlinux.org/CVE-2016-5221
https://security.archlinux.org/CVE-2016-5222
https://security.archlinux.org/CVE-2016-5223
https://security.archlinux.org/CVE-2016-5224
https://security.archlinux.org/CVE-2016-5225
https://security.archlinux.org/CVE-2016-9650
https://security.archlinux.org/CVE-2016-9651

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170202/4510f33b/attachment.asc>


More information about the arch-security mailing list