[manjaro-security] [arch-security] [ASA-201703-4] chromium: multiple issues

Remi Gacogne rgacogne at archlinux.org
Sat Mar 11 21:23:20 CET 2017 

Arch Linux Security Advisory ASA-201703-4
=========================================

Severity: Critical
Date    : 2017-03-11
CVE-ID  : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
          CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
          CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
          CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045
          CVE-2017-5046
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-197

Summary
=======

The package chromium before version 57.0.2987.98-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
access restriction bypass and information disclosure.

Resolution
==========

Upgrade to 57.0.2987.98-1.

# pacman -Syu "chromium>=57.0.2987.98-1"

The problems have been fixed upstream in version 57.0.2987.98.

Workaround
==========

None.

Description
===========

- CVE-2017-5029 (arbitrary code execution)

An integer overflow issue has been found in libxslt, leading to an out
of bounds write on 64-bit systems.

- CVE-2017-5030 (arbitrary code execution)

A memory corruption flaw was found in the V8 component of the Chromium
browser.

- CVE-2017-5031 (arbitrary code execution)

A use-after-free flaw has been found in the ANGLE component of the
Chromium browser.

- CVE-2017-5032 (arbitrary code execution)

An out of bounds write flaw has been found in the PDFium component of
the Chromium browser.

- CVE-2017-5033 (access restriction bypass)

A flaw allowing to bypass the content security policy has been found in
the Blink component of the Chromium browser.

- CVE-2017-5034 (arbitrary code execution)

A use after free flaw has been found in the PDFium component of the
Chromium browser.

- CVE-2017-5035 (content spoofing)

An incorrect security ui flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2017-5036 (arbitrary code execution)

A use after free flaw has been found in the PDFium component of the
Chromium browser.

- CVE-2017-5037 (arbitrary code execution)

Multiple out of bounds writes have been found in the ChunkDemuxer
component of the Chromium browser.

- CVE-2017-5038 (arbitrary code execution)

A use after free flaw has been found in the GuestView component of the
Chromium browser.

- CVE-2017-5039 (arbitrary code execution)

A use after free flaw has been found in the PDFium component of the
Chromium browser.

- CVE-2017-5040 (information disclosure)

An information disclosure flaw has been found in the V8 component of
the Chromium browser.

- CVE-2017-5042 (information disclosure)

An issue resulting from incorrect handling of cookies has been found in
the Cast component of the Chromium browser.

- CVE-2017-5043 (arbitrary code execution)

A use after free flaw has been found in the GuestView component of the
Chromium browser.

- CVE-2017-5044 (arbitrary code execution)

A heap overflow flaw has been found in the Skia component of the
Chromium browser.

- CVE-2017-5045 (information disclosure)

An information disclosure flaw has been found in the XSS Auditor
component of the Chromium browser.

- CVE-2017-5046 (information disclosure)

An information disclosure flaw has been found in the Blink component of
the Chromium browser.

Impact
======

A remote attacker can spoof an address in omnibox, bypass the content
security policy, access sensitive information and execute arbitrary
code on the affected host.

References
==========

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
https://crbug.com/676623
https://crbug.com/682194
https://crbug.com/682020
https://crbug.com/668724
https://crbug.com/669086
https://crbug.com/678461
https://crbug.com/688425
https://crbug.com/691371
https://crbug.com/679640
https://crbug.com/695476
https://crbug.com/679649
https://crbug.com/691323
https://crbug.com/671932
https://crbug.com/683523
https://crbug.com/688987
https://crbug.com/667079
https://crbug.com/680409
https://security.archlinux.org/CVE-2017-5029
https://security.archlinux.org/CVE-2017-5030
https://security.archlinux.org/CVE-2017-5031
https://security.archlinux.org/CVE-2017-5032
https://security.archlinux.org/CVE-2017-5033
https://security.archlinux.org/CVE-2017-5034
https://security.archlinux.org/CVE-2017-5035
https://security.archlinux.org/CVE-2017-5036
https://security.archlinux.org/CVE-2017-5037
https://security.archlinux.org/CVE-2017-5038
https://security.archlinux.org/CVE-2017-5039
https://security.archlinux.org/CVE-2017-5040
https://security.archlinux.org/CVE-2017-5042
https://security.archlinux.org/CVE-2017-5043
https://security.archlinux.org/CVE-2017-5044
https://security.archlinux.org/CVE-2017-5045
https://security.archlinux.org/CVE-2017-5046

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20170311/64d6c79d/attachment.pgp>

More information about the manjaro-security mailing list