ArchLinux: 201701-33: chromium: multiple issues
Summary
- CVE-2017-5006 (cross-site scripting)
A universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2017-5007 (cross-site scripting)
A universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2017-5008 (cross-site scripting)
A universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2017-5009 (arbitrary code execution)
An out-of-bounds memory access flaw was found in the WebRTC component
of the Chromium browser.
- CVE-2017-5010 (cross-site scripting)
A universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2017-5011 (arbitrary filesystem access)
An unauthorised file access flaw was found in the Devtools component of
the Chromium browser.
- CVE-2017-5012 (arbitrary code execution)
A heap overflow flaw was found in the V8 component of the Chromium
browser.
- CVE-2017-5013 (content spoofing)
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
- CVE-2017-5014 (arbitrary code execution)
A heap overflow flaw was found in the Skia component of the Chromium
browser.
- CVE-2017-5015 (content spoofing)
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
- CVE-2017-5016 (content spoofing)
A UI spoofing flaw was found in the Blink component of the Chromium
browser.
- CVE-2017-5017 (information disclosure)
An uninitialised memory access flaw was found in the webm video
component of the Chromium browser.
- CVE-2017-5018 (cross-site scripting)
A universal XSS flaw was found in the chrome://apps component of the
Chromium browser.
- CVE-2017-5019 (arbitrary code execution)
A use-after-free flaw was found in the Renderer component of the
Chromium browser.
- CVE-2017-5020 (cross-site scripting)
A universal XSS flaw was found in the chrome://downloads component of
the Chromium browser.
- CVE-2017-5021 (arbitrary code execution)
A use-after-free flaw was found in the Extensions component of the
Chromium browser.
- CVE-2017-5022 (access restriction bypass)
A content security policy bypass flaw was found in the Blink
component of the Chromium browser.
- CVE-2017-5023 (denial of service)
A type confusion flaw was found in the metrics component of the
Chromium browser.
- CVE-2017-5024 (arbitrary code execution)
A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.
- CVE-2017-5025 (arbitrary code execution)
A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.
- CVE-2017-5026 (content spoofing)
A UI spoofing flaw was found in the Chromium browser.
Resolution
Upgrade to 56.0.2924.76-1.
# pacman -Syu "chromium>=56.0.2924.76-1"
The problems have been fixed upstream in version 56.0.2924.76.
References
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://bugzilla.redhat.com/show_bug.cgi?id=1416658
https://bugs.chromium.org/p/chromium/issues/detail
https://bugzilla.redhat.com/show_bug.cgi?id=1416657
https://bugzilla.redhat.com/show_bug.cgi?id=1416659
https://bugs.chromium.org/p/chromium/issues/detail
https://bugzilla.redhat.com/show_bug.cgi?id=1416662
https://bugzilla.redhat.com/show_bug.cgi?id=1416660
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5011
https://bugzilla.redhat.com/show_bug.cgi?id=1416663
https://bugzilla.redhat.com/show_bug.cgi?id=1416664
https://bugzilla.redhat.com/show_bug.cgi?id=1416665
https://bugs.chromium.org/p/chromium/issues/detail
https://bugzilla.redhat.com/show_bug.cgi?id=1416666
https://bugzilla.redhat.com/show_bug.cgi?id=1416668
https://bugzilla.redhat.com/show_bug.cgi?id=1416669
https://bugs.chromium.org/p/chromium/issues/detail
https://bugzilla.redhat.com/show_bug.cgi?id=1416670
https://bugzilla.redhat.com/show_bug.cgi?id=1416667
https://bugzilla.redhat.com/show_bug.cgi?id=1416671
https://bugs.chromium.org/p/chromium/issues/detail
https://bugzilla.redhat.com/show_bug.cgi?id=1416672
https://bugzilla.redhat.com/show_bug.cgi?id=1416673
https://bugzilla.redhat.com/show_bug.cgi?id=1416674
https://bugzilla.redhat.com/show_bug.cgi?id=1416675
https://bugzilla.redhat.com/show_bug.cgi?id=1416676
https://bugzilla.redhat.com/show_bug.cgi?id=1416677
https://security.archlinux.org/CVE-2017-5006
https://security.archlinux.org/CVE-2017-5007
https://security.archlinux.org/CVE-2017-5008
https://security.archlinux.org/CVE-2017-5009
https://security.archlinux.org/CVE-2017-5010
https://security.archlinux.org/CVE-2017-5011
https://security.archlinux.org/CVE-2017-5012
https://security.archlinux.org/CVE-2017-5013
https://security.archlinux.org/CVE-2017-5014
https://security.archlinux.org/CVE-2017-5015
https://security.archlinux.org/CVE-2017-5016
https://security.archlinux.org/CVE-2017-5017
https://security.archlinux.org/CVE-2017-5018
https://security.archlinux.org/CVE-2017-5019
https://security.archlinux.org/CVE-2017-5020
https://security.archlinux.org/CVE-2017-5021
https://security.archlinux.org/CVE-2017-5022
https://security.archlinux.org/CVE-2017-5023
https://security.archlinux.org/CVE-2017-5024
https://security.archlinux.org/CVE-2017-5025
https://security.archlinux.org/CVE-2017-5026
Workaround
None.