Subject: [ASA-201702-2] qt5-webengine: multiple issues

Arch Linux Security Advisory ASA-201702-2
=========================================

Severity: High
Date    : 2017-02-02
CVE-ID  : CVE-2016-5182 CVE-2016-5183 CVE-2016-5189 CVE-2016-5199
          CVE-2016-5201 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205
          CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5210
          CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
          CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218
          CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223
          CVE-2016-5224 CVE-2016-5225 CVE-2016-9650 CVE-2016-9651
Package : qt5-webengine
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-162

Summary
=======

The package qt5-webengine before version 5.8.0-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, arbitrary filesystem access, cross-site scripting,
same-origin policy bypass, content spoofing, information disclosure and
insufficient validation.

Resolution
==========

Upgrade to 5.8.0-1.

# pacman -Syu "qt5-webengine>=5.8.0-1"

The problems have been fixed upstream in version 5.8.0.

Workaround
==========

None.

Description
===========

- CVE-2016-5182 (arbitrary code execution)

A heap overflow flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5183 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the Chromium
browser.

- CVE-2016-5189 (content spoofing)

A URL spoofing flaw was found in the Chromium browser.

- CVE-2016-5199 (arbitrary code execution)

The FFmpeg MP4 decoder contains an off-by-one error that results in an
allocation of size 0, followed by out-of-bounds corruption of an
arbitrary number of heap pointers, each pointing to controllable or
uninitialized data. A remote attacker could use this flaw to trigger
heap corruption via a crafted video file.
- CVE-2016-5201 (information disclosure)

An information disclosure flaw was found in the extensions component of
the Chromium browser before 54.0.2840.100.

- CVE-2016-5203 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the Chromium
browser.

- CVE-2016-5204 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5205 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5206 (same-origin policy bypass)

A same-origin bypass flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5207 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5208 (cross-site scripting)

A universal XSS flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-5210 (arbitrary code execution)

An out-of-bounds write flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5211 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the Chromium
browser.

- CVE-2016-5212 (arbitrary filesystem access)

A local file disclosure flaw was found in the DevTools component of the
Chromium browser.

- CVE-2016-5213 (arbitrary code execution)

A use-after-free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5214 (insufficient validation)

A file download protection bypass was discovered in the Chromium
browser.

- CVE-2016-5215 (arbitrary code execution)

A use-after-free flaw was found in the WebAudio component of the
Chromium browser.

- CVE-2016-5216 (arbitrary code execution)

A use-after-free flaw was found in the PDFium component of the Chromium
browser.

- CVE-2016-5217 (insufficient validation)

A use of unvalidated data flaw was found in the PDFium component of the
Chromium browser.
- CVE-2016-5218 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5219 (arbitrary code execution)

A use-after-free flaw was found in the V8 component of the Chromium
browser.

- CVE-2016-5221 (arbitrary code execution)

An integer overflow flaw was found in the ANGLE component of the
Chromium browser.

- CVE-2016-5222 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the
Chromium browser.

- CVE-2016-5223 (arbitrary code execution)

An integer overflow flaw was found in the PDFium component of the
Chromium browser.

- CVE-2016-5224 (same-origin policy bypass)

A same-origin bypass flaw was found in the SVG component of the Chromium
browser.

- CVE-2016-5225 (access restriction bypass)

A CSP bypass flaw was found in the Blink component of the Chromium
browser.

- CVE-2016-9650 (information disclosure)

A CSP referrer disclosure vulnerability has been discovered in the
Chromium browser.

- CVE-2016-9651 (access restriction bypass)

A private property access flaw was found in the V8 component of the
Chromium browser.

Impact
======

A remote attacker might be able to bypass access restrictions, access
sensitive information or files, and execute arbitrary code on the
affected host.
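The Resolution section names a single fixed version, 5.8.0-1, so the
practical check on a fleet is "is the installed qt5-webengine older than
that?" The script below is an added example, not part of this advisory
or of pacman: it parses `pacman -Q` output and orders package versions
the way pacman's vercmp(8) documents (epoch, then pkgver, then pkgrel;
numeric segments compared numerically, a trailing alphabetic segment
such as "5.8.0rc" sorting before the bare "5.8.0"). The reimplementation
is simplified and the `pacman -Q` line in SAMPLE_PACMAN_Q is constructed.

```python
import re
import sys

# Constructed sample of `pacman -Q qt5-webengine` output (not from a real host).
SAMPLE_PACMAN_Q = "qt5-webengine 5.7.1-3\n"

# Fixed version from the advisory's Resolution section.
FIXED_VERSION = "5.8.0-1"

_SEG = re.compile(r"(\d+|[A-Za-z]+)")


def split_version(v):
    """Split an Arch version string into (epoch, pkgver, pkgrel).

    epoch defaults to 0 and pkgrel to "0" when they are absent.
    """
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        pkgver, pkgrel = v.rsplit("-", 1)
    else:
        pkgver, pkgrel = v, "0"
    return epoch, pkgver, pkgrel


def cmp_component(a, b):
    """Compare one version component (pkgver or pkgrel) like vercmp(8).

    Walk the alternating numeric/alphabetic segments: numbers compare
    numerically, letters lexically, and a numeric segment beats an
    alphabetic one.  When one side runs out, a leftover alphabetic segment
    ("1.0a" vs "1.0") makes that side older; a leftover numeric segment
    ("1.0.1" vs "1.0") makes it newer.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    longer = sa if len(sa) > len(sb) else sb
    rest = longer[min(len(sa), len(sb))]
    a_is_newer = (len(sa) > len(sb)) == rest.isdigit()
    return 1 if a_is_newer else -1


def vercmp(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b (simplified vercmp(8))."""
    ea, va, ra = split_version(a)
    eb, vb, rb = split_version(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    c = cmp_component(va, vb)
    if c:
        return c
    return cmp_component(ra, rb)


def vulnerable_versions(pacman_q_output, fixed=FIXED_VERSION, name="qt5-webengine"):
    """Return installed versions of `name` in `pacman -Q` output that are
    older than `fixed`.  Lines for other packages are ignored."""
    hits = []
    for line in pacman_q_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] != name:
            continue
        if vercmp(parts[1], fixed) < 0:
            hits.append(parts[1])
    return hits


if __name__ == "__main__":
    # Read real `pacman -Q` output from stdin if piped, else use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PACMAN_Q
    for v in vulnerable_versions(data):
        print(f"qt5-webengine {v} is older than {FIXED_VERSION}: affected by ASA-201702-2")
```

On an Arch host run `pacman -Q qt5-webengine | python3 check_asa.py`
(the file name is illustrative). pacman itself ships a `vercmp` binary
that is authoritative for this ordering; the script mirrors the
documented rules so the comparison can also be done offline, for
instance over inventory exports collected from many hosts.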
References
==========

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0
https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://bugs.chromium.org/p/chromium/issues/detail?id=643948
https://bugs.chromium.org/p/chromium/issues/detail?id=660678
https://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html
https://security.archlinux.org/CVE-2016-5182
https://security.archlinux.org/CVE-2016-5183
https://security.archlinux.org/CVE-2016-5189
https://security.archlinux.org/CVE-2016-5199
https://security.archlinux.org/CVE-2016-5201
https://security.archlinux.org/CVE-2016-5203
https://security.archlinux.org/CVE-2016-5204
https://security.archlinux.org/CVE-2016-5205
https://security.archlinux.org/CVE-2016-5206
https://security.archlinux.org/CVE-2016-5207
https://security.archlinux.org/CVE-2016-5208
https://security.archlinux.org/CVE-2016-5210
https://security.archlinux.org/CVE-2016-5211
https://security.archlinux.org/CVE-2016-5212
https://security.archlinux.org/CVE-2016-5213
https://security.archlinux.org/CVE-2016-5214
https://security.archlinux.org/CVE-2016-5215
https://security.archlinux.org/CVE-2016-5216
https://security.archlinux.org/CVE-2016-5217
https://security.archlinux.org/CVE-2016-5218
https://security.archlinux.org/CVE-2016-5219
https://security.archlinux.org/CVE-2016-5221
https://security.archlinux.org/CVE-2016-5222
https://security.archlinux.org/CVE-2016-5223
https://security.archlinux.org/CVE-2016-5224
https://security.archlinux.org/CVE-2016-5225
https://security.archlinux.org/CVE-2016-9650
https://security.archlinux.org/CVE-2016-9651