Arch Linux Security Advisory ASA-201703-4 ========================================= Severity: Critical Date : 2017-03-11 CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-197 Summary ======= The package chromium before version 57.0.2987.98-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, access restriction bypass and information disclosure. Resolution ========== Upgrade to 57.0.2987.98-1. # pacman -Syu "chromium>=57.0.2987.98-1" The problems have been fixed upstream in version 57.0.2987.98. Workaround ========== None. Description =========== - CVE-2017-5029 (arbitrary code execution) An integer overflow issue has been found in libxslt, leading to an out of bounds write on 64-bit systems. - CVE-2017-5030 (arbitrary code execution) A memory corruption flaw was found in the V8 component of the Chromium browser. - CVE-2017-5031 (arbitrary code execution) A use-after-free flaw has been found in the ANGLE component of the Chromium browser. - CVE-2017-5032 (arbitrary code execution) An out of bounds write flaw has been found in the PDFium component of the Chromium browser. - CVE-2017-5033 (access restriction bypass) A flaw allowing to bypass the content security policy has been found in the Blink component of the Chromium browser. - CVE-2017-5034 (arbitrary code execution) A use after free flaw has been found in the PDFium component of the Chromium browser. - CVE-2017-5035 (content spoofing) An incorrect security ui flaw was found in the Omnibox component of the Chromium browser. - CVE-2017-5036 (arbitrary code execution) A use after free flaw has been found in the PDFium component of the Chromium browser. - CVE-2017-5037 (arbitrary code execution) Multiple out of bounds writes have been found in the ChunkDemuxer component of the Chromium browser. - CVE-2017-5038 (arbitrary code execution) A use after free flaw has been found in the GuestView component of the Chromium browser. - CVE-2017-5039 (arbitrary code execution) A use after free flaw has been found in the PDFium component of the Chromium browser. - CVE-2017-5040 (information disclosure) An information disclosure flaw has been found in the V8 component of the Chromium browser. - CVE-2017-5042 (information disclosure) An issue resulting from incorrect handling of cookies has been found in the Cast component of the Chromium browser. - CVE-2017-5043 (arbitrary code execution) A use after free flaw has been found in the GuestView component of the Chromium browser. - CVE-2017-5044 (arbitrary code execution) A heap overflow flaw has been found in the Skia component of the Chromium browser. - CVE-2017-5045 (information disclosure) An information disclosure flaw has been found in the XSS Auditor component of the Chromium browser. - CVE-2017-5046 (information disclosure) An information disclosure flaw has been found in the Blink component of the Chromium browser. Impact ====== A remote attacker can spoof an address in omnibox, bypass the content security policy, access sensitive information and execute arbitrary code on the affected host. References ========== https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 https://crbug.com/676623 https://crbug.com/682194 https://crbug.com/682020 https://crbug.com/668724 https://crbug.com/669086 https://crbug.com/678461 https://crbug.com/688425 https://crbug.com/691371 https://crbug.com/679640 https://crbug.com/695476 https://crbug.com/679649 https://crbug.com/691323 https://crbug.com/671932 https://crbug.com/683523 https://crbug.com/688987 https://crbug.com/667079 https://crbug.com/680409 https://security.archlinux.org/CVE-2017-5029 https://security.archlinux.org/CVE-2017-5030 https://security.archlinux.org/CVE-2017-5031 https://security.archlinux.org/CVE-2017-5032 https://security.archlinux.org/CVE-2017-5033 https://security.archlinux.org/CVE-2017-5034 https://security.archlinux.org/CVE-2017-5035 https://security.archlinux.org/CVE-2017-5036 https://security.archlinux.org/CVE-2017-5037 https://security.archlinux.org/CVE-2017-5038 https://security.archlinux.org/CVE-2017-5039 https://security.archlinux.org/CVE-2017-5040 https://security.archlinux.org/CVE-2017-5042 https://security.archlinux.org/CVE-2017-5043 https://security.archlinux.org/CVE-2017-5044 https://security.archlinux.org/CVE-2017-5045 https://security.archlinux.org/CVE-2017-5046