Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201911-06 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Mon, 25 Nov 2019 00:23:48
Message-Id: 20191125001427.GE6630@bubba.lan
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201911-06
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: November 25, 2019
10 Bugs: #692916, #694002, #694954, #697506, #698398, #699068
11 ID: 201911-06
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 78.0.3904.87 >= 78.0.3904.87
37 2 www-client/google-chrome
38 < 78.0.3904.87 >= 78.0.3904.87
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-78.0.3904.87"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/google-chrome-78.0.3904.87"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2019-13659
75 https://nvd.nist.gov/vuln/detail/CVE-2019-13659
76 [ 2 ] CVE-2019-13660
77 https://nvd.nist.gov/vuln/detail/CVE-2019-13660
78 [ 3 ] CVE-2019-13661
79 https://nvd.nist.gov/vuln/detail/CVE-2019-13661
80 [ 4 ] CVE-2019-13662
81 https://nvd.nist.gov/vuln/detail/CVE-2019-13662
82 [ 5 ] CVE-2019-13663
83 https://nvd.nist.gov/vuln/detail/CVE-2019-13663
84 [ 6 ] CVE-2019-13664
85 https://nvd.nist.gov/vuln/detail/CVE-2019-13664
86 [ 7 ] CVE-2019-13665
87 https://nvd.nist.gov/vuln/detail/CVE-2019-13665
88 [ 8 ] CVE-2019-13666
89 https://nvd.nist.gov/vuln/detail/CVE-2019-13666
90 [ 9 ] CVE-2019-13667
91 https://nvd.nist.gov/vuln/detail/CVE-2019-13667
92 [ 10 ] CVE-2019-13668
93 https://nvd.nist.gov/vuln/detail/CVE-2019-13668
94 [ 11 ] CVE-2019-13669
95 https://nvd.nist.gov/vuln/detail/CVE-2019-13669
96 [ 12 ] CVE-2019-13670
97 https://nvd.nist.gov/vuln/detail/CVE-2019-13670
98 [ 13 ] CVE-2019-13671
99 https://nvd.nist.gov/vuln/detail/CVE-2019-13671
100 [ 14 ] CVE-2019-13673
101 https://nvd.nist.gov/vuln/detail/CVE-2019-13673
102 [ 15 ] CVE-2019-13674
103 https://nvd.nist.gov/vuln/detail/CVE-2019-13674
104 [ 16 ] CVE-2019-13675
105 https://nvd.nist.gov/vuln/detail/CVE-2019-13675
106 [ 17 ] CVE-2019-13676
107 https://nvd.nist.gov/vuln/detail/CVE-2019-13676
108 [ 18 ] CVE-2019-13677
109 https://nvd.nist.gov/vuln/detail/CVE-2019-13677
110 [ 19 ] CVE-2019-13678
111 https://nvd.nist.gov/vuln/detail/CVE-2019-13678
112 [ 20 ] CVE-2019-13679
113 https://nvd.nist.gov/vuln/detail/CVE-2019-13679
114 [ 21 ] CVE-2019-13680
115 https://nvd.nist.gov/vuln/detail/CVE-2019-13680
116 [ 22 ] CVE-2019-13681
117 https://nvd.nist.gov/vuln/detail/CVE-2019-13681
118 [ 23 ] CVE-2019-13682
119 https://nvd.nist.gov/vuln/detail/CVE-2019-13682
120 [ 24 ] CVE-2019-13683
121 https://nvd.nist.gov/vuln/detail/CVE-2019-13683
122 [ 25 ] CVE-2019-13685
123 https://nvd.nist.gov/vuln/detail/CVE-2019-13685
124 [ 26 ] CVE-2019-13686
125 https://nvd.nist.gov/vuln/detail/CVE-2019-13686
126 [ 27 ] CVE-2019-13687
127 https://nvd.nist.gov/vuln/detail/CVE-2019-13687
128 [ 28 ] CVE-2019-13688
129 https://nvd.nist.gov/vuln/detail/CVE-2019-13688
130 [ 29 ] CVE-2019-13693
131 https://nvd.nist.gov/vuln/detail/CVE-2019-13693
132 [ 30 ] CVE-2019-13694
133 https://nvd.nist.gov/vuln/detail/CVE-2019-13694
134 [ 31 ] CVE-2019-13695
135 https://nvd.nist.gov/vuln/detail/CVE-2019-13695
136 [ 32 ] CVE-2019-13696
137 https://nvd.nist.gov/vuln/detail/CVE-2019-13696
138 [ 33 ] CVE-2019-13697
139 https://nvd.nist.gov/vuln/detail/CVE-2019-13697
140 [ 34 ] CVE-2019-13699
141 https://nvd.nist.gov/vuln/detail/CVE-2019-13699
142 [ 35 ] CVE-2019-13700
143 https://nvd.nist.gov/vuln/detail/CVE-2019-13700
144 [ 36 ] CVE-2019-13701
145 https://nvd.nist.gov/vuln/detail/CVE-2019-13701
146 [ 37 ] CVE-2019-13703
147 https://nvd.nist.gov/vuln/detail/CVE-2019-13703
148 [ 38 ] CVE-2019-13704
149 https://nvd.nist.gov/vuln/detail/CVE-2019-13704
150 [ 39 ] CVE-2019-13705
151 https://nvd.nist.gov/vuln/detail/CVE-2019-13705
152 [ 40 ] CVE-2019-13706
153 https://nvd.nist.gov/vuln/detail/CVE-2019-13706
154 [ 41 ] CVE-2019-13707
155 https://nvd.nist.gov/vuln/detail/CVE-2019-13707
156 [ 42 ] CVE-2019-13708
157 https://nvd.nist.gov/vuln/detail/CVE-2019-13708
158 [ 43 ] CVE-2019-13709
159 https://nvd.nist.gov/vuln/detail/CVE-2019-13709
160 [ 44 ] CVE-2019-13710
161 https://nvd.nist.gov/vuln/detail/CVE-2019-13710
162 [ 45 ] CVE-2019-13711
163 https://nvd.nist.gov/vuln/detail/CVE-2019-13711
164 [ 46 ] CVE-2019-13713
165 https://nvd.nist.gov/vuln/detail/CVE-2019-13713
166 [ 47 ] CVE-2019-13714
167 https://nvd.nist.gov/vuln/detail/CVE-2019-13714
168 [ 48 ] CVE-2019-13715
169 https://nvd.nist.gov/vuln/detail/CVE-2019-13715
170 [ 49 ] CVE-2019-13716
171 https://nvd.nist.gov/vuln/detail/CVE-2019-13716
172 [ 50 ] CVE-2019-13717
173 https://nvd.nist.gov/vuln/detail/CVE-2019-13717
174 [ 51 ] CVE-2019-13718
175 https://nvd.nist.gov/vuln/detail/CVE-2019-13718
176 [ 52 ] CVE-2019-13719
177 https://nvd.nist.gov/vuln/detail/CVE-2019-13719
178 [ 53 ] CVE-2019-13721
179 https://nvd.nist.gov/vuln/detail/CVE-2019-13721
180 [ 54 ] CVE-2019-5869
181 https://nvd.nist.gov/vuln/detail/CVE-2019-5869
182 [ 55 ] CVE-2019-5870
183 https://nvd.nist.gov/vuln/detail/CVE-2019-5870
184 [ 56 ] CVE-2019-5871
185 https://nvd.nist.gov/vuln/detail/CVE-2019-5871
186 [ 57 ] CVE-2019-5872
187 https://nvd.nist.gov/vuln/detail/CVE-2019-5872
188 [ 58 ] CVE-2019-5873
189 https://nvd.nist.gov/vuln/detail/CVE-2019-5873
190 [ 59 ] CVE-2019-5874
191 https://nvd.nist.gov/vuln/detail/CVE-2019-5874
192 [ 60 ] CVE-2019-5875
193 https://nvd.nist.gov/vuln/detail/CVE-2019-5875
194 [ 61 ] CVE-2019-5876
195 https://nvd.nist.gov/vuln/detail/CVE-2019-5876
196 [ 62 ] CVE-2019-5877
197 https://nvd.nist.gov/vuln/detail/CVE-2019-5877
198 [ 63 ] CVE-2019-5878
199 https://nvd.nist.gov/vuln/detail/CVE-2019-5878
200 [ 64 ] CVE-2019-5879
201 https://nvd.nist.gov/vuln/detail/CVE-2019-5879
202 [ 65 ] CVE-2019-5880
203 https://nvd.nist.gov/vuln/detail/CVE-2019-5880
204 [ 66 ] CVE-2019-5881
205 https://nvd.nist.gov/vuln/detail/CVE-2019-5881
206
207 Availability
208 ============
209
210 This GLSA and any updates to it are available for viewing at
211 the Gentoo Security Website:
212
213 https://security.gentoo.org/glsa/201911-06
214
215 Concerns?
216 =========
217
218 Security is a primary focus of Gentoo Linux and ensuring the
219 confidentiality and security of our users' machines is of utmost
220 importance to us. Any security concerns should be addressed to
221 security@g.o or alternatively, you may file a bug at
222 https://bugs.gentoo.org.
223
224 License
225 =======
226
227 Copyright 2019 Gentoo Foundation, Inc; referenced text
228 belongs to its owner(s).
229
230 The contents of this document are licensed under the
231 Creative Commons - Attribution / Share Alike license.
232
233 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups