Arch Linux
Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download
issues
advisories
todo
stats
log
login
ASA-201701-33
log
generated
external
raw
[ASA-201701-33] chromium: multiple issues
Arch Linux Security Advisory ASA-201701-33 ========================================== Severity: Critical Date : 2017-01-27 CVE-ID :
CVE-2017-5006
CVE-2017-5007
CVE-2017-5008
CVE-2017-5009
CVE-2017-5010
CVE-2017-5011
CVE-2017-5012
CVE-2017-5013
CVE-2017-5014
CVE-2017-5015
CVE-2017-5016
CVE-2017-5017
CVE-2017-5018
CVE-2017-5019
CVE-2017-5020
CVE-2017-5021
CVE-2017-5022
CVE-2017-5023
CVE-2017-5024
CVE-2017-5025
CVE-2017-5026
Package :
chromium
Type : multiple issues Remote : Yes Link :
https://security.archlinux.org/AVG-156
Summary ======= The package
chromium
before version 56.0.2924.76-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary filesystem access, cross-site scripting, content spoofing, information disclosure, access restriction bypass and denial of service. Resolution ========== Upgrade to 56.0.2924.76-1. # pacman -Syu "
chromium
>=56.0.2924.76-1" The problems have been fixed upstream in version 56.0.2924.76. Workaround ========== None. Description =========== -
CVE-2017-5006
(cross-site scripting) An universal XSS flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5007
(cross-site scripting) An universal XSS flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5008
(cross-site scripting) An universal XSS flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5009
(arbitrary code execution) An out of bounds memory access flaw was found in the WebRTC component of the
Chromium
browser. -
CVE-2017-5010
(cross-site scripting) An universal XSS flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5011
(arbitrary filesystem access) An unauthorised file access flaw was found in the Devtools component of the
Chromium
browser. -
CVE-2017-5012
(arbitrary code execution) A heap overflow flaw was found in the V8 component of the
Chromium
browser. -
CVE-2017-5013
(content spoofing) An address spoofing flaw was found in the Omnibox component of the
Chromium
browser -
CVE-2017-5014
(arbitrary code execution) A heap overflow flaw was found in the Skia component of the
Chromium
browser. -
CVE-2017-5015
(content spoofing) An address spoofing flaw was found in the Omnibox component of the
Chromium
browser. -
CVE-2017-5016
(content spoofing) An UI spoofing flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5017
(information disclosure) An uninitialised memory access flaw was found in the webm video component of the
Chromium
browser. -
CVE-2017-5018
(cross-site scripting) An universal XSS flaw was found in the chrome://apps component of the
Chromium
browser. -
CVE-2017-5019
(arbitrary code execution) An use after free flaw was found in the Renderer component of the
Chromium
browser. -
CVE-2017-5020
(cross-site scripting) An universal XSS flaw was found in the chrome://downloads component of the
Chromium
browser. -
CVE-2017-5021
(arbitrary code execution) A use-after-free flaw was found in the Extensions component of the
Chromium
browser. -
CVE-2017-5022
(access restriction bypass) A bypass of content security policy flaw was found in the Blink component of the
Chromium
browser. -
CVE-2017-5023
(denial of service) A type confusion flaw was found in the metrics component of the
Chromium
browser. -
CVE-2017-5024
(arbitrary code execution) A heap overflow flaw was found in the FFmpeg component of the
Chromium
browser. -
CVE-2017-5025
(arbitrary code execution) A heap overflow flaw was found in the FFmpeg component of the
Chromium
browser. -
CVE-2017-5026
(content spoofing) A UI spoofing flaw was found in the
Chromium
browser. Impact ====== A remote attacker can access sensitive information and arbitrary files, bypass security restrictions, spoof content and execute arbitrary code on the affected host. References ==========
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://bugzilla.redhat.com/show_bug.cgi?id=1416658
https://code.google.com/p/chromium/issues/detail?id=673170
https://code.google.com/p/chromium/issues/detail?id=671102
https://bugzilla.redhat.com/show_bug.cgi?id=1416657
https://bugzilla.redhat.com/show_bug.cgi?id=1416659
https://code.google.com/p/chromium/issues/detail?id=668552
https://bugzilla.redhat.com/show_bug.cgi?id=1416662
https://code.google.com/p/chromium/issues/detail?id=667504
https://bugzilla.redhat.com/show_bug.cgi?id=1416660
https://code.google.com/p/chromium/issues/detail?id=663476
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5011
https://code.google.com/p/chromium/issues/detail?id=662859
https://bugzilla.redhat.com/show_bug.cgi?id=1416663
https://code.google.com/p/chromium/issues/detail?id=681843
https://code.google.com/p/chromium/issues/detail?id=677716
https://bugzilla.redhat.com/show_bug.cgi?id=1416664
https://bugzilla.redhat.com/show_bug.cgi?id=1416665
https://code.google.com/p/chromium/issues/detail?id=675332
https://bugzilla.redhat.com/show_bug.cgi?id=1416666
https://code.google.com/p/chromium/issues/detail?id=673971
https://bugzilla.redhat.com/show_bug.cgi?id=1416668
https://code.google.com/p/chromium/issues/detail?id=673163
https://bugzilla.redhat.com/show_bug.cgi?id=1416669
https://code.google.com/p/chromium/issues/detail?id=676975
https://bugzilla.redhat.com/show_bug.cgi?id=1416670
https://code.google.com/p/chromium/issues/detail?id=668665
https://bugzilla.redhat.com/show_bug.cgi?id=1416667
https://code.google.com/p/chromium/issues/detail?id=666714
https://bugzilla.redhat.com/show_bug.cgi?id=1416671
https://code.google.com/p/chromium/issues/detail?id=668653
https://bugzilla.redhat.com/show_bug.cgi?id=1416672
https://code.google.com/p/chromium/issues/detail?id=663726
https://bugzilla.redhat.com/show_bug.cgi?id=1416673
https://code.google.com/p/chromium/issues/detail?id=663620
https://bugzilla.redhat.com/show_bug.cgi?id=1416674
https://code.google.com/p/chromium/issues/detail?id=651443
https://bugzilla.redhat.com/show_bug.cgi?id=1416675
https://code.google.com/p/chromium/issues/detail?id=643951
https://code.google.com/p/chromium/issues/detail?id=643950
https://bugzilla.redhat.com/show_bug.cgi?id=1416676
https://code.google.com/p/chromium/issues/detail?id=634108
https://bugzilla.redhat.com/show_bug.cgi?id=1416677
https://security.archlinux.org/CVE-2017-5006
https://security.archlinux.org/CVE-2017-5007
https://security.archlinux.org/CVE-2017-5008
https://security.archlinux.org/CVE-2017-5009
https://security.archlinux.org/CVE-2017-5010
https://security.archlinux.org/CVE-2017-5011
https://security.archlinux.org/CVE-2017-5012
https://security.archlinux.org/CVE-2017-5013
https://security.archlinux.org/CVE-2017-5014
https://security.archlinux.org/CVE-2017-5015
https://security.archlinux.org/CVE-2017-5016
https://security.archlinux.org/CVE-2017-5017
https://security.archlinux.org/CVE-2017-5018
https://security.archlinux.org/CVE-2017-5019
https://security.archlinux.org/CVE-2017-5020
https://security.archlinux.org/CVE-2017-5021
https://security.archlinux.org/CVE-2017-5022
https://security.archlinux.org/CVE-2017-5023
https://security.archlinux.org/CVE-2017-5024
https://security.archlinux.org/CVE-2017-5025
https://security.archlinux.org/CVE-2017-5026