Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202011-12 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Wed, 11 Nov 2020 04:03:02
Message-Id: EC0D166C-89C7-429D-9BF8-D54D3063D962@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202011-12
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: November 11, 2020
10 Bugs: #750854, #752375, #753848
11 ID: 202011-12
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 86.0.4240.193 >= 86.0.4240.193
37 2 www-client/google-chrome
38 < 86.0.4240.193 >= 86.0.4240.193
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-86.0.4240.193"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge -a --oneshot -v ">=www-client/google-chrome-86.0.4240.193"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-15999
75 https://nvd.nist.gov/vuln/detail/CVE-2020-15999
76 [ 2 ] CVE-2020-16004
77 https://nvd.nist.gov/vuln/detail/CVE-2020-16004
78 [ 3 ] CVE-2020-16005
79 https://nvd.nist.gov/vuln/detail/CVE-2020-16005
80 [ 4 ] CVE-2020-16006
81 https://nvd.nist.gov/vuln/detail/CVE-2020-16006
82 [ 5 ] CVE-2020-16008
83 https://nvd.nist.gov/vuln/detail/CVE-2020-16008
84 [ 6 ] CVE-2020-16009
85 https://nvd.nist.gov/vuln/detail/CVE-2020-16009
86 [ 7 ] CVE-2020-16016
87 https://nvd.nist.gov/vuln/detail/CVE-2020-16016
88
89 Availability
90 ============
91
92 This GLSA and any updates to it are available for viewing at
93 the Gentoo Security Website:
94
95 https://security.gentoo.org/glsa/202011-12
96
97 Concerns?
98 =========
99
100 Security is a primary focus of Gentoo Linux and ensuring the
101 confidentiality and security of our users' machines is of utmost
102 importance to us. Any security concerns should be addressed to
103 security@g.o or alternatively, you may file a bug at
104 https://bugs.gentoo.org.
105
106 License
107 =======
108
109 Copyright 2020 Gentoo Foundation, Inc; referenced text
110 belongs to its owner(s).
111
112 The contents of this document are licensed under the
113 Creative Commons - Attribution / Share Alike license.
114
115 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature