Arch Linux Security Advisory ASA-202112-7
=========================================
Severity: High
Date    : 2021-12-11
CVE-ID  : CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055
          CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059
          CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064
          CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068
Package : vivaldi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2601

Summary
=======
The package vivaldi before version 5.0.2497.28-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and insufficient validation.

Resolution
==========
Upgrade to 5.0.2497.28-1.

# pacman -Syu "vivaldi>=5.0.2497.28-1"

The problems have been fixed upstream in version 5.0.2497.28.
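
A post-upgrade check for the resolution above, as an added example that is
not part of the advisory: it classifies a "pkgname version" line, as printed
by pacman -Q vivaldi, against the fixed version 5.0.2497.28-1. The function
names and the sample versions in the comments are assumptions made for
illustration; vercmp is the comparison tool shipped with pacman, and the
sort -V fallback assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not part of the advisory.
FIXED="5.0.2497.28-1"   # first fixed package version, taken from the advisory

# Return 0 if version $1 is at or above $FIXED, non-zero if it is older.
version_is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp prints -1, 0 or 1 using pacman's own ordering.
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]
    else
        # Fallback (assumption): GNU sort -V orders these purely numeric
        # versions the same way, e.g. 2497.4 sorts before 2497.28.
        lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED" ]
    fi
}

# Classify one "pkgname version" line as printed by `pacman -Q vivaldi`.
# An empty line (package not installed) yields "not-installed".
classify() {
    set -- $1            # split the line into name and version
    name=${1:-}
    version=${2:-}
    if [ "$name" != "vivaldi" ] || [ -z "$version" ]; then
        echo "not-installed"
    elif version_is_fixed "$version"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# On an Arch host, report the state of the locally installed package.
if command -v pacman >/dev/null 2>&1; then
    classify "$(pacman -Q vivaldi 2>/dev/null)"
fi
```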

Workaround
==========
None.

Description
===========
- CVE-2021-4052 (arbitrary code execution)

A use after free security issue has been found in the web apps
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4053 (arbitrary code execution)

A use after free security issue has been found in the UI component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4054 (content spoofing)

An incorrect security UI security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4055 (arbitrary code execution)

A heap buffer overflow security issue has been found in the extensions
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4056 (arbitrary code execution)

A type confusion security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4057 (arbitrary code execution)

A use after free security issue has been found in the file API
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4058 (arbitrary code execution)

A heap buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4059 (insufficient validation)

An insufficient data validation security issue has been found in the
loader component of the Chromium browser engine before version
96.0.4664.93.

- CVE-2021-4061 (arbitrary code execution)

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4062 (arbitrary code execution)

A heap buffer overflow security issue has been found in the BFCache
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4063 (arbitrary code execution)

A use after free security issue has been found in the developer tools
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4064 (arbitrary code execution)

A use after free security issue has been found in the screen capture
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4065 (arbitrary code execution)

A use after free security issue has been found in the autofill
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4066 (arbitrary code execution)

An integer underflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4067 (arbitrary code execution)

A use after free security issue has been found in the window manager
component of the Chromium browser engine before version 96.0.4664.93.

- CVE-2021-4068 (insufficient validation)

An insufficient validation of untrusted input security issue has been
found in the new tab page component of the Chromium browser engine
before version 96.0.4664.93.

Impact
======
A remote attacker could execute arbitrary code or spoof content through
crafted web content.

References
==========
https://vivaldi.com/blog/desktop/further-updates-to-theme-sharing-vivaldi-browser-snapshot-2488-3/
https://vivaldi.com/blog/desktop/minor-update-5-0/
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://security.archlinux.org/CVE-2021-4052
https://security.archlinux.org/CVE-2021-4053
https://security.archlinux.org/CVE-2021-4054
https://security.archlinux.org/CVE-2021-4055
https://security.archlinux.org/CVE-2021-4056
https://security.archlinux.org/CVE-2021-4057
https://security.archlinux.org/CVE-2021-4058
https://security.archlinux.org/CVE-2021-4059
https://security.archlinux.org/CVE-2021-4061
https://security.archlinux.org/CVE-2021-4062
https://security.archlinux.org/CVE-2021-4063
https://security.archlinux.org/CVE-2021-4064
https://security.archlinux.org/CVE-2021-4065
https://security.archlinux.org/CVE-2021-4066
https://security.archlinux.org/CVE-2021-4067
https://security.archlinux.org/CVE-2021-4068

ArchLinux: 202112-7: vivaldi: multiple issues

December 12, 2021
