UBUNTU-CVE-2017-5042

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-5042

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5042.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-5042

Upstream

CVE-2017-5042

Published

2017-04-24T23:59:00Z

Modified

2025-09-08T16:44:05Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
5.7 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

References

Affected packages

Ubuntu:14.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@58.0.3029.81-0ubuntu0.14.04.1172?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

58.0.3029.81-0ubuntu0.14.04.1172

Affected versions

29.*

29.0.1547.65-0ubuntu2

31.*

31.0.1650.63-0ubuntu1~20131204.1

32.*

32.0.1700.107-0ubuntu1~20140204.977.1

33.*

33.0.1750.152-0ubuntu1~pkg995.1

34.*

34.0.1847.116-0ubuntu2

36.*

36.0.1985.125-0ubuntu1.14.04.0~pkg1029

37.*

37.0.2062.94-0ubuntu0.14.04.1~pkg1042

37.0.2062.120-0ubuntu0.14.04.1~pkg1049

38.*

38.0.2125.111-0ubuntu0.14.04.1.1061

39.*

39.0.2171.65-0ubuntu0.14.04.1.1064

40.*

40.0.2214.94-0ubuntu0.14.04.1.1068

40.0.2214.111-0ubuntu0.14.04.1.1069

41.*

41.0.2272.76-0ubuntu0.14.04.1.1076

43.*

43.0.2357.81-0ubuntu0.14.04.1.1089

43.0.2357.130-0ubuntu0.14.04.1.1092

44.*

44.0.2403.89-0ubuntu0.14.04.1.1095

45.*

45.0.2454.85-0ubuntu0.14.04.1.1097

45.0.2454.101-0ubuntu0.14.04.1.1099

47.*

47.0.2526.73-0ubuntu0.14.04.1.1106

47.0.2526.106-0ubuntu0.14.04.1.1107

48.*

48.0.2564.82-0ubuntu0.14.04.1.1108

48.0.2564.116-0ubuntu0.14.04.1.1111

49.*

49.0.2623.87-0ubuntu0.14.04.1.1112

49.0.2623.108-0ubuntu0.14.04.1.1113

50.*

50.0.2661.102-0ubuntu0.14.04.1.1117

51.*

51.0.2704.79-0ubuntu0.14.04.1.1121

52.*

52.0.2743.116-0ubuntu0.14.04.1.1134

53.*

53.0.2785.143-0ubuntu0.14.04.1.1142

53.0.2785.143-0ubuntu0.14.04.1.1145

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "chromium-browser",
            "binary_version": "58.0.3029.81-0ubuntu0.14.04.1172"
        },
        {
            "binary_name": "chromium-browser-l10n",
            "binary_version": "58.0.3029.81-0ubuntu0.14.04.1172"
        },
        {
            "binary_name": "chromium-chromedriver",
            "binary_version": "58.0.3029.81-0ubuntu0.14.04.1172"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg",
            "binary_version": "58.0.3029.81-0ubuntu0.14.04.1172"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg-extra",
            "binary_version": "58.0.3029.81-0ubuntu0.14.04.1172"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5042.json"

Ubuntu:16.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@57.0.2987.98-0ubuntu0.16.04.1276?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

57.0.2987.98-0ubuntu0.16.04.1276

Affected versions

45.*

45.0.2454.101-0ubuntu1.1201

47.*

47.0.2526.73-0ubuntu1.1218

47.0.2526.106-0ubuntu1.1221

48.*

48.0.2564.82-0ubuntu1.1222

48.0.2564.116-0ubuntu1.1229

49.*

49.0.2623.87-0ubuntu1.1232

49.0.2623.108-0ubuntu1.1233

50.*

50.0.2661.102-0ubuntu0.16.04.1.1237

51.*

51.0.2704.79-0ubuntu0.16.04.1.1242

52.*

52.0.2743.116-0ubuntu0.16.04.1.1250

53.*

53.0.2785.143-0ubuntu0.16.04.1.1254

53.0.2785.143-0ubuntu0.16.04.1.1257

55.*

55.0.2883.87-0ubuntu0.16.04.1263

56.*

56.0.2924.76-0ubuntu0.16.04.1268

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "chromium-browser",
            "binary_version": "57.0.2987.98-0ubuntu0.16.04.1276"
        },
        {
            "binary_name": "chromium-browser-l10n",
            "binary_version": "57.0.2987.98-0ubuntu0.16.04.1276"
        },
        {
            "binary_name": "chromium-chromedriver",
            "binary_version": "57.0.2987.98-0ubuntu0.16.04.1276"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg",
            "binary_version": "57.0.2987.98-0ubuntu0.16.04.1276"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg-extra",
            "binary_version": "57.0.2987.98-0ubuntu0.16.04.1276"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5042.json"