CVE-2017-5029
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
multiple issues in chromium
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-5029
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-5029.html
Vendor advisory: arch — https://security.archlinux.org/ASA-201703-5
Vendor advisory: arch — https://security.archlinux.org/ASA-201703-4
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | fixed | 57.0.2987.98-1 |
| sles | | affected | |
| debian | bookworm | fixed | 1.1.29-2.1 |
| debian | bullseye | fixed | 1.1.29-2.1 |
| debian | forky | fixed | 1.1.29-2.1 |
| debian | sid | fixed | 1.1.29-2.1 |
| debian | trixie | fixed | 1.1.29-2.1 |
| rhel | 6.0 | affected | |
| debian | 8.0 | affected | |
| debian | 9.0 | affected | |
| linux-kernel | - | not-affected | |
| macos | - | not-affected | |
References
- https://github.com/sparklemotion/nokogiri/issues/1634
- https://security.archlinux.org/ASA-201703-4
- https://security.archlinux.org/ASA-201703-5
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://www.securitytracker.com/id/1038157
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://crbug.com/676623
- https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
- https://www.suse.com/security/cve/CVE-2017-5029.html
- https://security-tracker.debian.org/tracker/CVE-2017-5029
- https://nvd.nist.gov/vuln/detail/CVE-2017-5029
- https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
- https://github.com/sparklemotion/nokogiri
- https://ubuntu.com/security/CVE-2017-5029
- https://ubuntu.com/security/notices/USN-3271-1
CWEs
CWE-787