ArchLinux: 201612-18: qt5-webengine: multiple issues
Summary
- CVE-2016-5133 (content spoofing)
Google Chrome before 52.0.2743.82 mishandles origin information during
proxy authentication, which allows man-in-the-middle attackers to spoof
a proxy-authentication login prompt or trigger incorrect credential
storage by modifying the client-server data stream.
- CVE-2016-5147 (cross-site scripting)
Blink, as used in Google Chrome, mishandles deferred page loads, which
allows remote attackers to inject arbitrary web script or HTML via a
crafted web site, aka "Universal XSS (UXSS)."
- CVE-2016-5153 (arbitrary code execution)
The Web Animations implementation in Blink improperly relies on list
iteration, which allows remote attackers to cause a denial of service
(use-after-destruction) or possibly have unspecified other impact via a
crafted web site.
- CVE-2016-5155 (content spoofing)
Chromium does not properly validate access to the initial document,
which allows remote attackers to spoof the address bar via a crafted
web site.
- CVE-2016-5161 (information disclosure)
The EditingStyle::mergeStyle function in
WebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom
properties, which allows remote attackers to cause a denial of service
or possibly have unspecified other impact via a crafted web site that
leverages "type confusion" in the StylePropertySerializer class.
- CVE-2016-5166 (information disclosure)
The download implementation in Chromium does not properly restrict
saving a file:// URL that is referenced by an http:// URL, which makes
it easier for user-assisted remote attackers to discover NetNTLM hashes
and conduct SMB relay attacks via a crafted web page that is accessed
with the "Save page as" menu choice.
- CVE-2016-5170 (arbitrary code execution)
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does
not properly consider getter side effects during array key conversion,
which allows remote attackers to cause a denial of service
(use-after-free) or possibly have unspecified other impact via crafted
Indexed Database (aka IndexedDB) API calls.
- CVE-2016-5171 (arbitrary code execution)
WebKit/Source/bindings/templates/interface.cpp in Blink does not
prevent certain constructor calls, which allows remote attackers to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via crafted JavaScript code.
- CVE-2016-5172 (information disclosure)
The parser in Google V8 mishandles scopes, which allows remote
attackers to obtain sensitive information from arbitrary memory
locations via crafted JavaScript code.
- CVE-2016-5181 (cross-site scripting)
A universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2016-5185 (arbitrary code execution)
A use-after-free flaw was found in the Blink component of the Chromium
browser.
- CVE-2016-5186 (information disclosure)
An out of bounds read flaw was found in the DevTools component of the
Chromium browser.
- CVE-2016-5187 (content spoofing)
A URL spoofing flaw was found in the Chromium browser.
- CVE-2016-5188 (content spoofing)
A UI spoofing flaw was found in the Chromium browser.
- CVE-2016-5192 (same-origin policy bypass)
A cross-origin bypass flaw was found in the Blink component of the
Chromium browser.
- CVE-2016-5198 (arbitrary code execution)
An out of bounds memory access flaw was found in the V8 component of
the Chromium browser.
Resolution
Upgrade to 5.7.1-1.
# pacman -Syu "qt5-webengine>=5.7.1-1"
The problems have been fixed upstream in version 5.7.1.
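As an added example (not part of the advisory or of pacman), a check that reports whether an installed qt5-webengine version string, as printed by `pacman -Q qt5-webengine`, is at or above the fixed 5.7.1-1; it ports libalpm's rpmvercmp segment comparison so the result is intended to match pacman's own `vercmp`, including epoch and pkgrel handling, and runs on hosts without pacman.

```python
# Added example (not part of the advisory): decide whether an installed
# qt5-webengine is at or above the fixed version 5.7.1-1 using a port of
# pacman's version comparison (libalpm rpmvercmp), so no pacman is needed.
import re

FIXED = "5.7.1-1"  # fixed version stated in the advisory
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")  # version segments, separators dropped


def _rpmvercmp(a, b):
    """Segment-wise compare like libalpm: numeric segments by value,
    numeric beats alpha, separators ignored. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():  # mixed types: numeric is newer
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    ra, rb = sa[len(sb):], sb[len(sa):]  # whatever one side has left over
    if not ra and not rb:
        return 0
    # a leftover alpha tail ("1.0a" vs "1.0", "1.0rc1" vs "1.0") is older
    if (not ra and not rb[0].isalpha()) or (ra and ra[0].isalpha()):
        return -1
    return 1


def vercmp(v1, v2):
    """alpm_pkg_vercmp semantics for [epoch:]pkgver[-pkgrel] strings."""
    def split(v):
        epoch, _, rest = v.rpartition(":")  # no ':' -> empty epoch -> "0"
        ver, dash, rel = rest.rpartition("-")
        return epoch or "0", (ver if dash else rest), (rel if dash else None)
    e1, p1, r1 = split(v1)
    e2, p2, r2 = split(v2)
    ret = _rpmvercmp(e1, e2) or _rpmvercmp(p1, p2)
    if ret == 0 and r1 is not None and r2 is not None:  # pkgrel only if both have one
        ret = _rpmvercmp(r1, r2)
    return ret


def is_fixed(installed, fixed=FIXED):
    """True when the version printed by `pacman -Q qt5-webengine` is >= fixed."""
    return vercmp(installed, fixed) >= 0
```

Feed it the second field of `pacman -Q qt5-webengine`; a version with a higher epoch (e.g. `1:5.6.2-1`) compares as newer, which is pacman's rule, so check the epoch when auditing a rebuilt package.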
References
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.7.1?h=5.7
https://bugs.chromium.org/p/chromium/issues/detail?id=613626
https://bugs.chromium.org/p/chromium/issues/detail?id=628942
https://bugs.chromium.org/p/chromium/issues/detail?id=631052
https://bugs.chromium.org/p/chromium/issues/detail?id=630662
https://bugzilla.redhat.com/show_bug.cgi?id=1372216
https://bugs.chromium.org/p/chromium/issues/detail?id=622420
https://bugs.chromium.org/p/chromium/issues/detail?id=616429
https://bugs.chromium.org/p/chromium/issues/detail?id=641101
https://bugs.chromium.org/p/chromium/issues/detail?id=643357
https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_13.html
https://bugs.chromium.org/p/chromium/issues/detail?id=616386
https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=659475
https://access.redhat.com/security/cve/CVE-2016-5133
https://access.redhat.com/security/cve/CVE-2016-5147
https://access.redhat.com/security/cve/CVE-2016-5153
https://access.redhat.com/security/cve/CVE-2016-5155
https://access.redhat.com/security/cve/CVE-2016-5161
https://access.redhat.com/security/cve/CVE-2016-5166
https://access.redhat.com/security/cve/CVE-2016-5170
https://access.redhat.com/security/cve/CVE-2016-5171
https://access.redhat.com/security/cve/CVE-2016-5172
https://access.redhat.com/security/cve/CVE-2016-5181
https://access.redhat.com/security/cve/CVE-2016-5185
https://access.redhat.com/security/cve/CVE-2016-5186
https://access.redhat.com/security/cve/CVE-2016-5187
https://access.redhat.com/security/cve/CVE-2016-5188
https://access.redhat.com/security/cve/CVE-2016-5192
https://access.redhat.com/security/cve/CVE-2016-5198
Workaround
None.