Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202007-08 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Sun, 26 Jul 2020 23:41:14
Message-Id: 19D24BFF-0A1C-4276-B8DB-35C882239018@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202007-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: July 26, 2020
10 Bugs: #728418, #729310, #732588
11 ID: 202007-08
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 84.0.4147.89 >= 84.0.4147.89
37 2 www-client/google-chrome
38 < 84.0.4147.89 >= 84.0.4147.89
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-84.0.4147.89"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/google-chrome-84.0.4147.89"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-6505
75 https://nvd.nist.gov/vuln/detail/CVE-2020-6505
76 [ 2 ] CVE-2020-6506
77 https://nvd.nist.gov/vuln/detail/CVE-2020-6506
78 [ 3 ] CVE-2020-6507
79 https://nvd.nist.gov/vuln/detail/CVE-2020-6507
80 [ 4 ] CVE-2020-6509
81 https://nvd.nist.gov/vuln/detail/CVE-2020-6509
82 [ 5 ] CVE-2020-6510
83 https://nvd.nist.gov/vuln/detail/CVE-2020-6510
84 [ 6 ] CVE-2020-6511
85 https://nvd.nist.gov/vuln/detail/CVE-2020-6511
86 [ 7 ] CVE-2020-6512
87 https://nvd.nist.gov/vuln/detail/CVE-2020-6512
88 [ 8 ] CVE-2020-6513
89 https://nvd.nist.gov/vuln/detail/CVE-2020-6513
90 [ 9 ] CVE-2020-6514
91 https://nvd.nist.gov/vuln/detail/CVE-2020-6514
92 [ 10 ] CVE-2020-6515
93 https://nvd.nist.gov/vuln/detail/CVE-2020-6515
94 [ 11 ] CVE-2020-6516
95 https://nvd.nist.gov/vuln/detail/CVE-2020-6516
96 [ 12 ] CVE-2020-6517
97 https://nvd.nist.gov/vuln/detail/CVE-2020-6517
98 [ 13 ] CVE-2020-6518
99 https://nvd.nist.gov/vuln/detail/CVE-2020-6518
100 [ 14 ] CVE-2020-6519
101 https://nvd.nist.gov/vuln/detail/CVE-2020-6519
102 [ 15 ] CVE-2020-6520
103 https://nvd.nist.gov/vuln/detail/CVE-2020-6520
104 [ 16 ] CVE-2020-6521
105 https://nvd.nist.gov/vuln/detail/CVE-2020-6521
106 [ 17 ] CVE-2020-6522
107 https://nvd.nist.gov/vuln/detail/CVE-2020-6522
108 [ 18 ] CVE-2020-6523
109 https://nvd.nist.gov/vuln/detail/CVE-2020-6523
110 [ 19 ] CVE-2020-6524
111 https://nvd.nist.gov/vuln/detail/CVE-2020-6524
112 [ 20 ] CVE-2020-6525
113 https://nvd.nist.gov/vuln/detail/CVE-2020-6525
114 [ 21 ] CVE-2020-6526
115 https://nvd.nist.gov/vuln/detail/CVE-2020-6526
116 [ 22 ] CVE-2020-6527
117 https://nvd.nist.gov/vuln/detail/CVE-2020-6527
118 [ 23 ] CVE-2020-6528
119 https://nvd.nist.gov/vuln/detail/CVE-2020-6528
120 [ 24 ] CVE-2020-6529
121 https://nvd.nist.gov/vuln/detail/CVE-2020-6529
122 [ 25 ] CVE-2020-6530
123 https://nvd.nist.gov/vuln/detail/CVE-2020-6530
124 [ 26 ] CVE-2020-6531
125 https://nvd.nist.gov/vuln/detail/CVE-2020-6531
126 [ 27 ] CVE-2020-6533
127 https://nvd.nist.gov/vuln/detail/CVE-2020-6533
128 [ 28 ] CVE-2020-6534
129 https://nvd.nist.gov/vuln/detail/CVE-2020-6534
130 [ 29 ] CVE-2020-6535
131 https://nvd.nist.gov/vuln/detail/CVE-2020-6535
132 [ 30 ] CVE-2020-6536
133 https://nvd.nist.gov/vuln/detail/CVE-2020-6536
134
135 Availability
136 ============
137
138 This GLSA and any updates to it are available for viewing at
139 the Gentoo Security Website:
140
141 https://security.gentoo.org/glsa/202007-08
142
143 Concerns?
144 =========
145
146 Security is a primary focus of Gentoo Linux and ensuring the
147 confidentiality and security of our users' machines is of utmost
148 importance to us. Any security concerns should be addressed to
149 security@g.o or alternatively, you may file a bug at
150 https://bugs.gentoo.org.
151
152 License
153 =======
154
155 Copyright 2020 Gentoo Foundation, Inc; referenced text
156 belongs to its owner(s).
157
158 The contents of this document are licensed under the
159 Creative Commons - Attribution / Share Alike license.
160
161 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups