[arch-security] [ASA-201703-4] chromium: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Sat Mar 11 20:23:20 UTC 2017
Arch Linux Security Advisory ASA-201703-4
=========================================
Severity: Critical
Date : 2017-03-11
CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045
CVE-2017-5046
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-197
Summary
=======
The package chromium before version 57.0.2987.98-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
access restriction bypass and information disclosure.
Resolution
==========
Upgrade to 57.0.2987.98-1.
# pacman -Syu "chromium>=57.0.2987.98-1"
The problems have been fixed upstream in version 57.0.2987.98.
Workaround
==========
None.
Description
===========
- CVE-2017-5029 (arbitrary code execution)
An integer overflow issue has been found in libxslt, leading to an out
of bounds write on 64-bit systems.
- CVE-2017-5030 (arbitrary code execution)
A memory corruption flaw was found in the V8 component of the Chromium
browser.
- CVE-2017-5031 (arbitrary code execution)
A use-after-free flaw has been found in the ANGLE component of the
Chromium browser.
- CVE-2017-5032 (arbitrary code execution)
An out of bounds write flaw has been found in the PDFium component of
the Chromium browser.
- CVE-2017-5033 (access restriction bypass)
A flaw allowing to bypass the content security policy has been found in
the Blink component of the Chromium browser.
- CVE-2017-5034 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5035 (content spoofing)
An incorrect security ui flaw was found in the Omnibox component of the
Chromium browser.
- CVE-2017-5036 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5037 (arbitrary code execution)
Multiple out of bounds writes have been found in the ChunkDemuxer
component of the Chromium browser.
- CVE-2017-5038 (arbitrary code execution)
A use after free flaw has been found in the GuestView component of the
Chromium browser.
- CVE-2017-5039 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5040 (information disclosure)
An information disclosure flaw has been found in the V8 component of
the Chromium browser.
- CVE-2017-5042 (information disclosure)
An issue resulting from incorrect handling of cookies has been found in
the Cast component of the Chromium browser.
- CVE-2017-5043 (arbitrary code execution)
A use after free flaw has been found in the GuestView component of the
Chromium browser.
- CVE-2017-5044 (arbitrary code execution)
A heap overflow flaw has been found in the Skia component of the
Chromium browser.
- CVE-2017-5045 (information disclosure)
An information disclosure flaw has been found in the XSS Auditor
component of the Chromium browser.
- CVE-2017-5046 (information disclosure)
An information disclosure flaw has been found in the Blink component of
the Chromium browser.
Impact
======
A remote attacker can spoof an address in omnibox, bypass the content
security policy, access sensitive information and execute arbitrary
code on the affected host.
References
==========
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
https://crbug.com/676623
https://crbug.com/682194
https://crbug.com/682020
https://crbug.com/668724
https://crbug.com/669086
https://crbug.com/678461
https://crbug.com/688425
https://crbug.com/691371
https://crbug.com/679640
https://crbug.com/695476
https://crbug.com/679649
https://crbug.com/691323
https://crbug.com/671932
https://crbug.com/683523
https://crbug.com/688987
https://crbug.com/667079
https://crbug.com/680409
https://security.archlinux.org/CVE-2017-5029
https://security.archlinux.org/CVE-2017-5030
https://security.archlinux.org/CVE-2017-5031
https://security.archlinux.org/CVE-2017-5032
https://security.archlinux.org/CVE-2017-5033
https://security.archlinux.org/CVE-2017-5034
https://security.archlinux.org/CVE-2017-5035
https://security.archlinux.org/CVE-2017-5036
https://security.archlinux.org/CVE-2017-5037
https://security.archlinux.org/CVE-2017-5038
https://security.archlinux.org/CVE-2017-5039
https://security.archlinux.org/CVE-2017-5040
https://security.archlinux.org/CVE-2017-5042
https://security.archlinux.org/CVE-2017-5043
https://security.archlinux.org/CVE-2017-5044
https://security.archlinux.org/CVE-2017-5045
https://security.archlinux.org/CVE-2017-5046
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170311/64d6c79d/attachment.asc>
More information about the arch-security
mailing list