ArchLinux: 201703-4: chromium: multiple issues
Summary
- CVE-2017-5029 (arbitrary code execution)
An integer overflow issue has been found in libxslt, leading to an out
of bounds write on 64-bit systems.
- CVE-2017-5030 (arbitrary code execution)
A memory corruption flaw was found in the V8 component of the Chromium
browser.
- CVE-2017-5031 (arbitrary code execution)
A use-after-free flaw has been found in the ANGLE component of the
Chromium browser.
- CVE-2017-5032 (arbitrary code execution)
An out of bounds write flaw has been found in the PDFium component of
the Chromium browser.
- CVE-2017-5033 (access restriction bypass)
A flaw allowing to bypass the content security policy has been found in
the Blink component of the Chromium browser.
- CVE-2017-5034 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5035 (content spoofing)
An incorrect security ui flaw was found in the Omnibox component of the
Chromium browser.
- CVE-2017-5036 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5037 (arbitrary code execution)
Multiple out of bounds writes have been found in the ChunkDemuxer
component of the Chromium browser.
- CVE-2017-5038 (arbitrary code execution)
A use after free flaw has been found in the GuestView component of the
Chromium browser.
- CVE-2017-5039 (arbitrary code execution)
A use after free flaw has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5040 (information disclosure)
An information disclosure flaw has been found in the V8 component of
the Chromium browser.
- CVE-2017-5042 (information disclosure)
An issue resulting from incorrect handling of cookies has been found in
the Cast component of the Chromium browser.
- CVE-2017-5043 (arbitrary code execution)
A use after free flaw has been found in the GuestView component of the
Chromium browser.
- CVE-2017-5044 (arbitrary code execution)
A heap overflow flaw has been found in the Skia component of the
Chromium browser.
- CVE-2017-5045 (information disclosure)
An information disclosure flaw has been found in the XSS Auditor
component of the Chromium browser.
- CVE-2017-5046 (information disclosure)
An information disclosure flaw has been found in the Blink component of
the Chromium browser.
Resolution
Upgrade to 57.0.2987.98-1.
# pacman -Syu "chromium>=57.0.2987.98-1"
The problems have been fixed upstream in version 57.0.2987.98.
References
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://gitlab.gnome.org/GNOME/libxslt/-/commit/08ab2774b870de1c7b5a48693df75e8154addae5 https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2017-5029 https://security.archlinux.org/CVE-2017-5030 https://security.archlinux.org/CVE-2017-5031 https://security.archlinux.org/CVE-2017-5032 https://security.archlinux.org/CVE-2017-5033 https://security.archlinux.org/CVE-2017-5034 https://security.archlinux.org/CVE-2017-5035 https://security.archlinux.org/CVE-2017-5036 https://security.archlinux.org/CVE-2017-5037 https://security.archlinux.org/CVE-2017-5038 https://security.archlinux.org/CVE-2017-5039 https://security.archlinux.org/CVE-2017-5040 https://security.archlinux.org/CVE-2017-5042 https://security.archlinux.org/CVE-2017-5043 https://security.archlinux.org/CVE-2017-5044 https://security.archlinux.org/CVE-2017-5045 https://security.archlinux.org/CVE-2017-5046
Workaround
None.