Arch Linux Security Advisory ASA-201612-3
=========================================
Severity: Critical
Date    : 2016-12-03
CVE-ID  : CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206
          CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210
          CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
          CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218
          CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222
          CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226
          CVE-2016-9650 CVE-2016-9651 CVE-2016-9652
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package chromium before version 55.0.2883.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, arbitrary filesystem access, cross-site scripting, same-origin
policy bypass, content spoofing, insufficient validation and
information disclosure.

Resolution
==========
Upgrade to 55.0.2883.75-1.

# pacman -Syu "chromium>=55.0.2883.75-1"

The problems have been fixed upstream in version 55.0.2883.75.
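To confirm that a host actually carries the fix, the installed version can be compared against the fixed version named above. The script below is an added example, not part of the original advisory; `cmp_dotted`, `is_vulnerable` and `check_host` are hypothetical helper names, and the comparison assumes a purely numeric pkgver with no epoch, as chromium uses.

```shell
#!/bin/sh
# Added example: decide whether a chromium package version predates the fix.
FIXED="55.0.2883.75-1"   # fixed version stated in this advisory

# Compare two dotted numeric strings field by field; prints -1, 0 or 1.
# Numeric comparison matters: as strings, "9" would sort after "75".
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && { echo -1; return; }
        [ "$x" -gt "$y" ] && { echo 1; return; }
    done
    echo 0
}

# Succeeds (exit 0) when version $1 ("pkgver-pkgrel") is older than FIXED.
is_vulnerable() {
    ver=$1
    r=$(cmp_dotted "${ver%-*}" "${FIXED%-*}")
    # Same upstream version: fall back to the Arch package release number.
    [ "$r" = 0 ] && r=$(cmp_dotted "${ver##*-}" "${FIXED##*-}")
    [ "$r" = -1 ]
}

# On an Arch host: read the installed version from pacman and report.
check_host() {
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "chromium not installed"; return 2; }
    if is_vulnerable "$installed"; then
        echo "chromium $installed is affected; upgrade to $FIXED or later"
        return 1
    fi
    echo "chromium $installed includes the fix"
}

# Constructed sample versions, so the script also runs on a non-Arch machine.
for v in 54.0.2840.100-1 55.0.2883.9-3 55.0.2883.75-1 55.0.2883.100-1; do
    if is_vulnerable "$v"; then echo "$v affected"; else echo "$v fixed"; fi
done
```

On a real system, call `check_host`; pacman's own `vercmp` tool remains the authoritative comparison when epochs or non-numeric version parts are involved.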

Workaround
==========
None.

Description
===========
- CVE-2016-5203 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5204 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5205 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5206 (same-origin policy bypass)

A same-origin bypass flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5207 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5208 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5209 (arbitrary code execution)

An out-of-bounds write flaw was found in the Blink component of the
Chromium browser.

- CVE-2016-5210 (arbitrary code execution)

An out-of-bounds write flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5211 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5212 (arbitrary filesystem access)

A local file disclosure flaw was found in the DevTools component of the
Chromium browser.

- CVE-2016-5213 (arbitrary code execution)

A use-after-free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5214 (insufficient validation)

A file download protection bypass was discovered in the Chromium
browser.

- CVE-2016-5215 (arbitrary code execution)

A use-after-free flaw was found in the Webaudio component of the
Chromium browser.

- CVE-2016-5216 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5217 (insufficient validation)

A use of unvalidated data flaw was found in the PDFium component of
the Chromium browser.

- CVE-2016-5218 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5219 (arbitrary code execution)

A use-after-free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5220 (arbitrary filesystem access)

A local file access flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5221 (arbitrary code execution)

An integer overflow flaw was found in the ANGLE component of the
Chromium browser.

- CVE-2016-5222 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5223 (arbitrary code execution)

An integer overflow flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5224 (same-origin policy bypass)

A same-origin bypass flaw was found in the SVG component of the
Chromium browser.

- CVE-2016-5225 (access restriction bypass)

A CSP bypass flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5226 (cross-site scripting)

A limited XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-9650 (information disclosure)

A CSP referrer disclosure vulnerability has been discovered in the
Chromium browser.

- CVE-2016-9651 (access restriction bypass)

A private property access flaw was found in the V8 component of the
Chromium browser.

- CVE-2016-9652 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.

Impact
======
A remote attacker can bypass various restrictions, access sensitive
information, spoof certain content or execute arbitrary code on the
affected host.

References
==========
https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
https://access.redhat.com/security/cve/CVE-2016-5203
https://access.redhat.com/security/cve/CVE-2016-5204
https://access.redhat.com/security/cve/CVE-2016-5205
https://access.redhat.com/security/cve/CVE-2016-5206
https://access.redhat.com/security/cve/CVE-2016-5207
https://access.redhat.com/security/cve/CVE-2016-5208
https://access.redhat.com/security/cve/CVE-2016-5209
https://access.redhat.com/security/cve/CVE-2016-5210
https://access.redhat.com/security/cve/CVE-2016-5211
https://access.redhat.com/security/cve/CVE-2016-5212
https://access.redhat.com/security/cve/CVE-2016-5213
https://access.redhat.com/security/cve/CVE-2016-5214
https://access.redhat.com/security/cve/CVE-2016-5215
https://access.redhat.com/security/cve/CVE-2016-5216
https://access.redhat.com/security/cve/CVE-2016-5217
https://access.redhat.com/security/cve/CVE-2016-5218
https://access.redhat.com/security/cve/CVE-2016-5219
https://access.redhat.com/security/cve/CVE-2016-5220
https://access.redhat.com/security/cve/CVE-2016-5221
https://access.redhat.com/security/cve/CVE-2016-5222
https://access.redhat.com/security/cve/CVE-2016-5223
https://access.redhat.com/security/cve/CVE-2016-5224
https://access.redhat.com/security/cve/CVE-2016-5225
https://access.redhat.com/security/cve/CVE-2016-5226
https://access.redhat.com/security/cve/CVE-2016-9650
https://access.redhat.com/security/cve/CVE-2016-9651
https://access.redhat.com/security/cve/CVE-2016-9652

ArchLinux: 201612-3: chromium: multiple issues

December 4, 2016
