[arch-security] [ASA-201701-33] chromium: multiple issues

Remi Gacogne rgacogne at archlinux.org
Fri Jan 27 18:02:05 UTC 2017


Arch Linux Security Advisory ASA-201701-33
==========================================

Severity: Critical
Date    : 2017-01-27
CVE-ID  : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
          CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
          CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
          CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
          CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
          CVE-2017-5026
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-156

Summary
=======

The package chromium before version 56.0.2924.76-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary
filesystem access, cross-site scripting, content spoofing, information
disclosure, access restriction bypass and denial of service.

Resolution
==========

Upgrade to 56.0.2924.76-1.

# pacman -Syu "chromium>=56.0.2924.76-1"

The problems have been fixed upstream in version 56.0.2924.76.

Workaround
==========

None.

Description
===========

- CVE-2017-5006 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5007 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5008 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5009 (arbitrary code execution)

An out-of-bounds memory access flaw was found in the WebRTC component
of the Chromium browser.

- CVE-2017-5010 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5011 (arbitrary filesystem access)

An unauthorised file access flaw was found in the Devtools component of
the Chromium browser.

- CVE-2017-5012 (arbitrary code execution)

A heap overflow flaw was found in the V8 component of the Chromium
browser.

- CVE-2017-5013 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2017-5014 (arbitrary code execution)

A heap overflow flaw was found in the Skia component of the Chromium
browser.

- CVE-2017-5015 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2017-5016 (content spoofing)

A UI spoofing flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5017 (information disclosure)

An uninitialised memory access flaw was found in the webm video
component of the Chromium browser.

- CVE-2017-5018 (cross-site scripting)

A universal XSS flaw was found in the chrome://apps component of the
Chromium browser.

- CVE-2017-5019 (arbitrary code execution)

A use-after-free flaw was found in the Renderer component of the
Chromium browser.

- CVE-2017-5020 (cross-site scripting)

A universal XSS flaw was found in the chrome://downloads component of
the Chromium browser.

- CVE-2017-5021 (arbitrary code execution)

A use-after-free flaw was found in the Extensions component of the
Chromium browser.

- CVE-2017-5022 (access restriction bypass)

A content security policy bypass flaw was found in the Blink component
of the Chromium browser.

- CVE-2017-5023 (denial of service)

A type confusion flaw was found in the metrics component of the
Chromium browser.

- CVE-2017-5024 (arbitrary code execution)

A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.

- CVE-2017-5025 (arbitrary code execution)

A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.

- CVE-2017-5026 (content spoofing)

A UI spoofing flaw was found in the Chromium browser.

Impact
======

A remote attacker can access sensitive information and arbitrary files,
bypass security restrictions, spoof content and execute arbitrary code
on the affected host.

References
==========

https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://bugzilla.redhat.com/show_bug.cgi?id=1416658
https://code.google.com/p/chromium/issues/detail?id=673170
https://code.google.com/p/chromium/issues/detail?id=671102
https://bugzilla.redhat.com/show_bug.cgi?id=1416657
https://bugzilla.redhat.com/show_bug.cgi?id=1416659
https://code.google.com/p/chromium/issues/detail?id=668552
https://bugzilla.redhat.com/show_bug.cgi?id=1416662
https://code.google.com/p/chromium/issues/detail?id=667504
https://bugzilla.redhat.com/show_bug.cgi?id=1416660
https://code.google.com/p/chromium/issues/detail?id=663476
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5011
https://code.google.com/p/chromium/issues/detail?id=662859
https://bugzilla.redhat.com/show_bug.cgi?id=1416663
https://code.google.com/p/chromium/issues/detail?id=681843
https://code.google.com/p/chromium/issues/detail?id=677716
https://bugzilla.redhat.com/show_bug.cgi?id=1416664
https://bugzilla.redhat.com/show_bug.cgi?id=1416665
https://code.google.com/p/chromium/issues/detail?id=675332
https://bugzilla.redhat.com/show_bug.cgi?id=1416666
https://code.google.com/p/chromium/issues/detail?id=673971
https://bugzilla.redhat.com/show_bug.cgi?id=1416668
https://code.google.com/p/chromium/issues/detail?id=673163
https://bugzilla.redhat.com/show_bug.cgi?id=1416669
https://code.google.com/p/chromium/issues/detail?id=676975
https://bugzilla.redhat.com/show_bug.cgi?id=1416670
https://code.google.com/p/chromium/issues/detail?id=668665
https://bugzilla.redhat.com/show_bug.cgi?id=1416667
https://code.google.com/p/chromium/issues/detail?id=666714
https://bugzilla.redhat.com/show_bug.cgi?id=1416671
https://code.google.com/p/chromium/issues/detail?id=668653
https://bugzilla.redhat.com/show_bug.cgi?id=1416672
https://code.google.com/p/chromium/issues/detail?id=663726
https://bugzilla.redhat.com/show_bug.cgi?id=1416673
https://code.google.com/p/chromium/issues/detail?id=663620
https://bugzilla.redhat.com/show_bug.cgi?id=1416674
https://code.google.com/p/chromium/issues/detail?id=651443
https://bugzilla.redhat.com/show_bug.cgi?id=1416675
https://code.google.com/p/chromium/issues/detail?id=643951
https://code.google.com/p/chromium/issues/detail?id=643950
https://bugzilla.redhat.com/show_bug.cgi?id=1416676
https://code.google.com/p/chromium/issues/detail?id=634108
https://bugzilla.redhat.com/show_bug.cgi?id=1416677
https://security.archlinux.org/CVE-2017-5006
https://security.archlinux.org/CVE-2017-5007
https://security.archlinux.org/CVE-2017-5008
https://security.archlinux.org/CVE-2017-5009
https://security.archlinux.org/CVE-2017-5010
https://security.archlinux.org/CVE-2017-5011
https://security.archlinux.org/CVE-2017-5012
https://security.archlinux.org/CVE-2017-5013
https://security.archlinux.org/CVE-2017-5014
https://security.archlinux.org/CVE-2017-5015
https://security.archlinux.org/CVE-2017-5016
https://security.archlinux.org/CVE-2017-5017
https://security.archlinux.org/CVE-2017-5018
https://security.archlinux.org/CVE-2017-5019
https://security.archlinux.org/CVE-2017-5020
https://security.archlinux.org/CVE-2017-5021
https://security.archlinux.org/CVE-2017-5022
https://security.archlinux.org/CVE-2017-5023
https://security.archlinux.org/CVE-2017-5024
https://security.archlinux.org/CVE-2017-5025
https://security.archlinux.org/CVE-2017-5026
