
The following updates have been released for Arch Linux:

ASA-201906-19: firefox-developer-edition: arbitrary code execution
ASA-201906-20: firefox: sandbox escape
ASA-201906-21: libarchive: multiple issues
ASA-201906-22: vlc: arbitrary code execution



ASA-201906-19: firefox-developer-edition: arbitrary code execution

Arch Linux Security Advisory ASA-201906-19
==========================================

Severity: Critical
Date : 2019-06-19
CVE-ID : CVE-2019-11707
Package : firefox-developer-edition
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-995

Summary
=======

The package firefox-developer-edition before version 68.0b11-1 is
vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 68.0b11-1.

# pacman -Syu "firefox-developer-edition>=68.0b11-1"

The problem has been fixed upstream in version 68.0b11.

Workaround
==========

None.

Description
===========

A type confusion vulnerability can occur when manipulating JavaScript
objects due to issues in Array.pop, in Firefox before 67.0.3. This can
allow for an exploitable crash. Mozilla has been made aware of targeted
attacks in the wild abusing this flaw.

Impact
======

A remote attacker can execute arbitrary code via crafted JavaScript
code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-18
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
https://security.archlinux.org/CVE-2019-11707


ASA-201906-20: firefox: sandbox escape

Arch Linux Security Advisory ASA-201906-20
==========================================

Severity: High
Date : 2019-06-25
CVE-ID : CVE-2019-11708
Package : firefox
Type : sandbox escape
Remote : Yes
Link : https://security.archlinux.org/AVG-997

Summary
=======

The package firefox before version 67.0.4-1 is vulnerable to sandbox
escape.

Resolution
==========

Upgrade to 67.0.4-1.

# pacman -Syu "firefox>=67.0.4-1"

The problem has been fixed upstream in version 67.0.4.

Workaround
==========

None.

Description
===========

An issue has been found in Firefox before 67.0.4, where insufficient
vetting of parameters passed with the Prompt:Open IPC message between
child and parent processes can result in the non-sandboxed parent
process opening web content chosen by a compromised child process. When
combined with additional vulnerabilities this could result in executing
arbitrary code on the user's computer.

Impact
======

An attacker could use this vulnerability, combined with another one, to
bypass the sandbox and execute arbitrary code on the host.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
https://bugzilla.mozilla.org/show_bug.cgi?id=1559858
https://security.archlinux.org/CVE-2019-11708


ASA-201906-21: libarchive: multiple issues

Arch Linux Security Advisory ASA-201906-21
==========================================

Severity: High
Date : 2019-06-25
CVE-ID : CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880
CVE-2019-1000019 CVE-2019-1000020
Package : libarchive
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-837

Summary
=======

The package libarchive before version 3.4.0-1 is vulnerable to multiple
issues including arbitrary code execution, denial of service and
information disclosure.

Resolution
==========

Upgrade to 3.4.0-1.

# pacman -Syu "libarchive>=3.4.0-1"

The problems have been fixed upstream in version 3.4.0.

Workaround
==========

None.

Description
===========

- CVE-2018-1000877 (arbitrary code execution)

A double-free issue has been found in libarchive >= 3.1.0 and = 3.1.0 and
= 3.3.0
and = 3.2.0 and

- CVE-2019-1000019 (denial of service)

libarchive version >=v3.0.2 contains a CWE-125: Out-of-bounds Read
vulnerability in 7zip decompression,
archive_read_support_format_7zip.c, header_bytes() that can result in a
crash (denial of service). This attack appears to be exploitable via
the victim opening a specially crafted 7zip file.

- CVE-2019-1000020 (denial of service)

libarchive version >=v2.8.0 contains a CWE-835: Loop with Unreachable
Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser,
archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that
can result in DoS by infinite loop. This attack appears to be
exploitable via the victim opening a specially crafted ISO9660 file.

Impact
======

A local attacker is capable of crashing the process, leaking information
or executing arbitrary code on the host with a maliciously crafted file.

References
==========

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
https://github.com/libarchive/libarchive/pull/1105
https://github.com/libarchive/libarchive/pull/1120
https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
https://github.com/libarchive/libarchive/commit/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
https://github.com/libarchive/libarchive/commit/9c84b7426660c09c18cc349f6d70b5f8168b5680
https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1
https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423
https://security.archlinux.org/CVE-2018-1000877
https://security.archlinux.org/CVE-2018-1000878
https://security.archlinux.org/CVE-2018-1000879
https://security.archlinux.org/CVE-2018-1000880
https://security.archlinux.org/CVE-2019-1000019
https://security.archlinux.org/CVE-2019-1000020


ASA-201906-22: vlc: arbitrary code execution

Arch Linux Security Advisory ASA-201906-22
==========================================

Severity: Critical
Date : 2019-06-25
CVE-ID : CVE-2019-5439 CVE-2019-12874
Package : vlc
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-998

Summary
=======

The package vlc before version 3.0.7.1-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 3.0.7.1-1.

# pacman -Syu "vlc>=3.0.7.1-1"

The problems have been fixed upstream in version 3.0.7.1.

Workaround
==========

None.

Description
===========

- CVE-2019-5439 (arbitrary code execution)

VideoLAN VLC media player 3.0.6 and earlier has an out-of-bounds write
in the ReadFrame function of the AVI decoder.

- CVE-2019-12874 (arbitrary code execution)

VideoLAN VLC media player 3.0.6 and earlier has a double-free in the
zlib_decompress_extra function of the Matroska demuxer in
modules/demux/mkv/util.cpp.

Impact
======

A remote attacker is able to execute arbitrary code on the host by
providing a maliciously-crafted media file to VLC.

References
==========

https://www.videolan.org/security/sa1901.html
https://hackerone.com/reports/484398
https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
https://security.archlinux.org/CVE-2019-5439
https://security.archlinux.org/CVE-2019-12874
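
As an added example (not part of the advisories or of Arch Linux's own tooling), the Python parser below reads the header fields these advisories share, including a CVE-ID list that wraps onto a second line as in ASA-201906-21, and orders the results for patching. The sample text is abridged from this page; the function names are illustrative.

```python
import re

# Abridged header lines from two advisories on this page. The libarchive
# CVE-ID field wraps onto a second line, which the parser has to rejoin.
SAMPLE = """\
Arch Linux Security Advisory ASA-201906-21
Severity: High
CVE-ID : CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880
CVE-2019-1000019 CVE-2019-1000020
Package : libarchive
Remote : No
The package libarchive before version 3.4.0-1 is vulnerable to multiple
Arch Linux Security Advisory ASA-201906-22
Severity: Critical
CVE-ID : CVE-2019-5439 CVE-2019-12874
Package : vlc
Remote : Yes
The package vlc before version 3.0.7.1-1 is vulnerable to arbitrary
"""

FIELD = re.compile(r"^(Severity|Date|CVE-ID|Package|Type|Remote)\s*:\s*(.*)$")
RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def parse_advisories(text):
    """Split a digest into advisories and return one dict per advisory."""
    out = []
    for block in re.split(r"(?m)^Arch Linux Security Advisory (?=ASA-)", text)[1:]:
        adv = {"id": block.split()[0]}
        last = None
        for line in block.splitlines()[1:]:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                adv[last] = m.group(2).strip()
            elif last == "CVE-ID" and line.startswith("CVE-"):
                adv["CVE-ID"] += " " + line.strip()  # wrapped continuation line
            else:
                last = None
        fixed = re.search(r"before version (\S+)\s+is\b", block)
        adv["fixed"] = fixed.group(1) if fixed else None
        adv["cves"] = adv.pop("CVE-ID", "").split()
        out.append(adv)
    return out

def triage(advs):
    # Highest severity first; remotely exploitable first within a severity.
    return sorted(advs, key=lambda a: (RANK.get(a.get("Severity"), 9), a.get("Remote") != "Yes"))

def upgrade_target(adv):
    # Version constraint in the form the advisories pass to pacman -Syu.
    return f'{adv["Package"]}>={adv["fixed"]}'
```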