Arch Linux Security Advisory ASA-201612-18
=========================================
Severity: Critical
Date    : 2016-12-17
CVE-ID  : CVE-2016-5133 CVE-2016-5147 CVE-2016-5153 CVE-2016-5155
          CVE-2016-5161 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171
          CVE-2016-5172 CVE-2016-5181 CVE-2016-5185 CVE-2016-5186
          CVE-2016-5187 CVE-2016-5188 CVE-2016-5192 CVE-2016-5198
Package : qt5-webengine
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package qt5-webengine before version 5.7.1-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
cross-site scripting, information disclosure and same-origin policy
bypass.

Resolution
=========
Upgrade to 5.7.1-1.

# pacman -Syu "qt5-webengine>=5.7.1-1"

The problems have been fixed upstream in version 5.7.1.
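As an added check that is not part of the advisory itself: the script below decides whether an installed qt5-webengine is still older than the fixed version 5.7.1-1. The version comparison is a deliberately simplified, numeric-only approximation of pacman's vercmp (epoch, then dot-separated pkgver, then pkgrel) written for this example; it is not pacman's own code and does not handle alphabetic version segments. The sample versions in the usage line and the live-system query through `pacman -Q` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Arch advisory): report whether an installed
# package version is older than the version that fixes the advisory.

# Split "[epoch:]pkgver-pkgrel" into "epoch pkgver pkgrel".
# A missing epoch counts as 0; a missing pkgrel counts as 0.
vparts() {
    v=$1
    case $v in
        *:*) epoch=${v%%:*}; v=${v#*:} ;;
        *)   epoch=0 ;;
    esac
    case $v in
        *-*) rel=${v##*-}; ver=${v%-*} ;;
        *)   rel=0; ver=$v ;;
    esac
    printf '%s %s %s\n' "$epoch" "$ver" "$rel"
}

# Compare two dot-separated integer strings segment by segment.
# Missing trailing segments count as 0, so 5.7 equals 5.7.0.
# Prints -1, 0 or 1. (Assumption: segments are plain integers.)
numcmp_dotted() {
    x=$1; y=$2
    while [ -n "$x" ] || [ -n "$y" ]; do
        xi=${x%%.*}; yi=${y%%.*}
        if [ "$xi" = "$x" ]; then x=''; else x=${x#*.}; fi
        if [ "$yi" = "$y" ]; then y=''; else y=${y#*.}; fi
        : "${xi:=0}" "${yi:=0}"
        if [ "$xi" -lt "$yi" ]; then echo -1; return; fi
        if [ "$xi" -gt "$yi" ]; then echo 1; return; fi
    done
    echo 0
}

# vercmp_simple A B: print -1 if A < B, 0 if equal, 1 if A > B.
# Order of precedence mirrors pacman: epoch, then pkgver, then pkgrel.
vercmp_simple() {
    a=$(vparts "$1"); b=$(vparts "$2")
    set -- $a $b   # $1-$3: A's epoch ver rel; $4-$6: B's epoch ver rel
    r=$(numcmp_dotted "$1" "$4")
    if [ "$r" != 0 ]; then echo "$r"; return; fi
    r=$(numcmp_dotted "$2" "$5")
    if [ "$r" != 0 ]; then echo "$r"; return; fi
    numcmp_dotted "$3" "$6"
}

# needs_upgrade INSTALLED FIXED: succeed when INSTALLED is older than FIXED.
needs_upgrade() {
    [ "$(vercmp_simple "$1" "$2")" = -1 ]
}

# check_installed PACKAGE FIXED: query the live system with pacman -Q.
# Exit status: 0 = affected, 1 = fixed, 2 = cannot tell, 3 = not installed.
check_installed() {
    pkg=$1; fixed=$2
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman not found; cannot query installed version of $pkg" >&2
        return 2
    fi
    installed=$(pacman -Q "$pkg" 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then echo "$pkg is not installed"; return 3; fi
    if needs_upgrade "$installed" "$fixed"; then
        echo "$pkg $installed is affected; upgrade to >= $fixed"
        return 0
    fi
    echo "$pkg $installed is at or above $fixed"
    return 1
}

# Usage on an Arch system; on hosts without pacman this only reports.
check_installed qt5-webengine 5.7.1-1 || true
```

The exit codes let the check be dropped into a fleet audit loop: 0 means the host still needs the upgrade from the Resolution section, anything else means no action or an inconclusive query.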

Workaround
=========
None.

Description
==========
- CVE-2016-5133 (content spoofing)

Google Chrome before 52.0.2743.82 mishandles origin information during
proxy authentication, which allows man-in-the-middle attackers to spoof
a proxy-authentication login prompt or trigger incorrect credential
storage by modifying the client-server data stream.

- CVE-2016-5147 (cross-site scripting)

Blink, as used in Google Chrome, mishandles deferred page loads, which
allows remote attackers to inject arbitrary web script or HTML via a
crafted web site, aka "Universal XSS (UXSS)."

- CVE-2016-5153 (arbitrary code execution)

The Web Animations implementation in Blink improperly relies on list
iteration, which allows remote attackers to cause a denial of service
(use-after-destruction) or possibly have unspecified other impact via a
crafted web site.

- CVE-2016-5155 (content spoofing)

Chromium does not properly validate access to the initial document,
which allows remote attackers to spoof the address bar via a crafted
web site.

- CVE-2016-5161 (information disclosure)

The EditingStyle::mergeStyle function in
WebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom
properties, which allows remote attackers to cause a denial of service
or possibly have unspecified other impact via a crafted web site that
leverages "type confusion" in the StylePropertySerializer class.

- CVE-2016-5166 (information disclosure)

The download implementation in Chromium does not properly restrict
saving a file:// URL that is referenced by an http:// URL, which makes
it easier for user-assisted remote attackers to discover NetNTLM hashes
and conduct SMB relay attacks via a crafted web page that is accessed
with the "Save page as" menu choice.

- CVE-2016-5170 (arbitrary code execution)

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does
not properly consider getter side effects during array key conversion,
which allows remote attackers to cause a denial of service
(use-after-free) or possibly have unspecified other impact via crafted
Indexed Database (aka IndexedDB) API calls.

- CVE-2016-5171 (arbitrary code execution)

WebKit/Source/bindings/templates/interface.cpp in Blink does not
prevent certain constructor calls, which allows remote attackers to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via crafted JavaScript code.

- CVE-2016-5172 (information disclosure)

The parser in Google V8 mishandles scopes, which allows remote
attackers to obtain sensitive information from arbitrary memory
locations via crafted JavaScript code.

- CVE-2016-5181 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5185 (arbitrary code execution)

A use-after-free flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5186 (information disclosure)

An out-of-bounds read flaw was found in the DevTools component of the
Chromium browser.

- CVE-2016-5187 (content spoofing)

A URL spoofing flaw was found in the Chromium browser.

- CVE-2016-5188 (content spoofing)

A UI spoofing flaw was found in the Chromium browser.

- CVE-2016-5192 (same-origin policy bypass)

A cross-origin bypass flaw was found in the Blink component of the
Chromium browser.

- CVE-2016-5198 (arbitrary code execution)

An out-of-bounds memory access flaw was found in the V8 component of
the Chromium browser.

Impact
=====
A remote attacker can access sensitive information, spoof content,
bypass security measures or execute arbitrary code on the affected
host.

References
=========
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.7.1?h=5.7
https://bugs.chromium.org/p/chromium/issues/detail?id=613626
https://bugs.chromium.org/p/chromium/issues/detail?id=628942
https://bugs.chromium.org/p/chromium/issues/detail?id=631052
https://bugs.chromium.org/p/chromium/issues/detail?id=630662
https://bugzilla.redhat.com/show_bug.cgi?id=1372216
https://bugs.chromium.org/p/chromium/issues/detail?id=622420
https://bugs.chromium.org/p/chromium/issues/detail?id=616429
https://bugs.chromium.org/p/chromium/issues/detail?id=641101
https://bugs.chromium.org/p/chromium/issues/detail?id=643357
https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_13.html
https://bugs.chromium.org/p/chromium/issues/detail?id=616386
https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=659475
https://access.redhat.com/security/cve/CVE-2016-5133
https://access.redhat.com/security/cve/CVE-2016-5147
https://access.redhat.com/security/cve/CVE-2016-5153
https://access.redhat.com/security/cve/CVE-2016-5155
https://access.redhat.com/security/cve/CVE-2016-5161
https://access.redhat.com/security/cve/CVE-2016-5166
https://access.redhat.com/security/cve/CVE-2016-5170
https://access.redhat.com/security/cve/CVE-2016-5171
https://access.redhat.com/security/cve/CVE-2016-5172
https://access.redhat.com/security/cve/CVE-2016-5181
https://access.redhat.com/security/cve/CVE-2016-5185
https://access.redhat.com/security/cve/CVE-2016-5186
https://access.redhat.com/security/cve/CVE-2016-5187
https://access.redhat.com/security/cve/CVE-2016-5188
https://access.redhat.com/security/cve/CVE-2016-5192
https://access.redhat.com/security/cve/CVE-2016-5198