Arch Linux Security Advisory ASA-201701-33
==========================================
Severity: Critical
Date    : 2017-01-27
CVE-ID  : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
          CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
          CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
          CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
          CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
          CVE-2017-5026
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-156

Summary
=======
The package chromium before version 56.0.2924.76-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary
filesystem access, cross-site scripting, content spoofing, information
disclosure, access restriction bypass and denial of service.

Resolution
==========
Upgrade to 56.0.2924.76-1.

# pacman -Syu "chromium>=56.0.2924.76-1"

The problems have been fixed upstream in version 56.0.2924.76.
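
To confirm which machines still need this upgrade, the following added example (not part of the original advisory) compares installed chromium versions against the fixed version 56.0.2924.76-1. The host names and inventory lines are constructed, and the comparison is a simplified numeric one; on an Arch host, pacman's `vercmp` is the authoritative tool.

```sh
#!/bin/sh
# Added example: list hosts whose chromium predates the fixed release.
FIXED="56.0.2924.76-1"   # fixed version stated in this advisory

# Compare two dotted numeric strings field by field; prints -1, 0 or 1.
# Fields are compared as numbers, so 2924.9 sorts before 2924.76.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        p=${a%%.*}; q=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        p=${p:-0}; q=${q:-0}
        if [ "$p" -lt "$q" ]; then echo -1; return; fi
        if [ "$p" -gt "$q" ]; then echo 1; return; fi
    done
    echo 0
}

# Exit status 0 if version $1 is older than version $2.
# Versions have the form [epoch:]pkgver-pkgrel (numeric fields assumed).
ver_lt() {
    va=$1 vb=$2 ea=0 eb=0
    case $va in *:*) ea=${va%%:*}; va=${va#*:} ;; esac
    case $vb in *:*) eb=${vb%%:*}; vb=${vb#*:} ;; esac
    c=$(cmp_dotted "$ea" "$eb")
    if [ "$c" = 0 ]; then c=$(cmp_dotted "${va%-*}" "${vb%-*}"); fi
    if [ "$c" = 0 ]; then c=$(cmp_dotted "${va##*-}" "${vb##*-}"); fi
    [ "$c" = -1 ]
}

# Read "host package version" lines on stdin; print hosts needing the upgrade.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = chromium ] || continue
        if ver_lt "$ver" "$FIXED"; then echo "$host"; fi
    done
}

# Constructed inventory: hypothetical hosts with `pacman -Q` style versions.
SAMPLE_INVENTORY='web01 chromium 55.0.2883.87-1
kiosk02 chromium 56.0.2924.76-1
dev03 chromium 56.0.2924.9-2
lab04 chromium 56.0.2924.87-1
db05 firefox 50.1.0-1'

printf '%s\n' "$SAMPLE_INVENTORY" | vulnerable_hosts
```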

Workaround
==========
None.

Description
===========
- CVE-2017-5006 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5007 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5008 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5009 (arbitrary code execution)

An out-of-bounds memory access flaw was found in the WebRTC component
of the Chromium browser.

- CVE-2017-5010 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5011 (arbitrary filesystem access)

An unauthorised file access flaw was found in the Devtools component of
the Chromium browser.

- CVE-2017-5012 (arbitrary code execution)

A heap overflow flaw was found in the V8 component of the Chromium
browser.

- CVE-2017-5013 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2017-5014 (arbitrary code execution)

A heap overflow flaw was found in the Skia component of the Chromium
browser.

- CVE-2017-5015 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2017-5016 (content spoofing)

A UI spoofing flaw was found in the Blink component of the Chromium
browser.

- CVE-2017-5017 (information disclosure)

An uninitialised memory access flaw was found in the webm video
component of the Chromium browser.

- CVE-2017-5018 (cross-site scripting)

A universal XSS flaw was found in the chrome://apps component of the
Chromium browser.

- CVE-2017-5019 (arbitrary code execution)

A use-after-free flaw was found in the Renderer component of the
Chromium browser.

- CVE-2017-5020 (cross-site scripting)

A universal XSS flaw was found in the chrome://downloads component of
the Chromium browser.

- CVE-2017-5021 (arbitrary code execution)

A use-after-free flaw was found in the Extensions component of the
Chromium browser.

- CVE-2017-5022 (access restriction bypass)

A bypass of content security policy flaw was found in the Blink
component of the Chromium browser.

- CVE-2017-5023 (denial of service)

A type confusion flaw was found in the metrics component of the
Chromium browser.

- CVE-2017-5024 (arbitrary code execution)

A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.

- CVE-2017-5025 (arbitrary code execution)

A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.

- CVE-2017-5026 (content spoofing)

A UI spoofing flaw was found in the Chromium browser.

Impact
======
A remote attacker can access sensitive information and arbitrary files,
bypass security restrictions, spoof content and execute arbitrary code
on the affected host.

References
==========
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://bugzilla.redhat.com/show_bug.cgi?id=1416658
https://code.google.com/p/chromium/issues/detail?id=671102
https://bugzilla.redhat.com/show_bug.cgi?id=1416657
https://bugzilla.redhat.com/show_bug.cgi?id=1416659
https://code.google.com/p/chromium/issues/detail?id=668552
https://bugzilla.redhat.com/show_bug.cgi?id=1416662
https://bugzilla.redhat.com/show_bug.cgi?id=1416660
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5011
https://bugzilla.redhat.com/show_bug.cgi?id=1416663
https://bugzilla.redhat.com/show_bug.cgi?id=1416664
https://bugzilla.redhat.com/show_bug.cgi?id=1416665
https://code.google.com/p/chromium/issues/detail?id=675332
https://bugzilla.redhat.com/show_bug.cgi?id=1416666
https://bugzilla.redhat.com/show_bug.cgi?id=1416668
https://bugzilla.redhat.com/show_bug.cgi?id=1416669
https://code.google.com/p/chromium/issues/detail?id=676975
https://bugzilla.redhat.com/show_bug.cgi?id=1416670
https://bugzilla.redhat.com/show_bug.cgi?id=1416667
https://bugzilla.redhat.com/show_bug.cgi?id=1416671
https://code.google.com/p/chromium/issues/detail?id=668653
https://bugzilla.redhat.com/show_bug.cgi?id=1416672
https://bugzilla.redhat.com/show_bug.cgi?id=1416673
https://bugzilla.redhat.com/show_bug.cgi?id=1416674
https://bugzilla.redhat.com/show_bug.cgi?id=1416675
https://bugzilla.redhat.com/show_bug.cgi?id=1416676
https://bugzilla.redhat.com/show_bug.cgi?id=1416677
https://security.archlinux.org/CVE-2017-5006
https://security.archlinux.org/CVE-2017-5007
https://security.archlinux.org/CVE-2017-5008
https://security.archlinux.org/CVE-2017-5009
https://security.archlinux.org/CVE-2017-5010
https://security.archlinux.org/CVE-2017-5011
https://security.archlinux.org/CVE-2017-5012
https://security.archlinux.org/CVE-2017-5013
https://security.archlinux.org/CVE-2017-5014
https://security.archlinux.org/CVE-2017-5015
https://security.archlinux.org/CVE-2017-5016
https://security.archlinux.org/CVE-2017-5017
https://security.archlinux.org/CVE-2017-5018
https://security.archlinux.org/CVE-2017-5019
https://security.archlinux.org/CVE-2017-5020
https://security.archlinux.org/CVE-2017-5021
https://security.archlinux.org/CVE-2017-5022
https://security.archlinux.org/CVE-2017-5023
https://security.archlinux.org/CVE-2017-5024
https://security.archlinux.org/CVE-2017-5025
https://security.archlinux.org/CVE-2017-5026
