Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202006-02 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Sat, 13 Jun 2020 01:43:48
Message-Id: 20200613010143.GA17996@bubba
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202006-02
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: June 10, 2020
10 Bugs: #724008
11 ID: 202006-02
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 83.0.4103.97 >= 83.0.4103.97
37 2 www-client/google-chrome
38 < 83.0.4103.97 >= 83.0.4103.97
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-83.0.4103.97"
65
66 All google-chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/google-chrome-83.0.4103.97"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-6465
75 https://nvd.nist.gov/vuln/detail/CVE-2020-6465
76 [ 2 ] CVE-2020-6466
77 https://nvd.nist.gov/vuln/detail/CVE-2020-6466
78 [ 3 ] CVE-2020-6467
79 https://nvd.nist.gov/vuln/detail/CVE-2020-6467
80 [ 4 ] CVE-2020-6468
81 https://nvd.nist.gov/vuln/detail/CVE-2020-6468
82 [ 5 ] CVE-2020-6469
83 https://nvd.nist.gov/vuln/detail/CVE-2020-6469
84 [ 6 ] CVE-2020-6470
85 https://nvd.nist.gov/vuln/detail/CVE-2020-6470
86 [ 7 ] CVE-2020-6471
87 https://nvd.nist.gov/vuln/detail/CVE-2020-6471
88 [ 8 ] CVE-2020-6472
89 https://nvd.nist.gov/vuln/detail/CVE-2020-6472
90 [ 9 ] CVE-2020-6473
91 https://nvd.nist.gov/vuln/detail/CVE-2020-6473
92 [ 10 ] CVE-2020-6474
93 https://nvd.nist.gov/vuln/detail/CVE-2020-6474
94 [ 11 ] CVE-2020-6475
95 https://nvd.nist.gov/vuln/detail/CVE-2020-6475
96 [ 12 ] CVE-2020-6476
97 https://nvd.nist.gov/vuln/detail/CVE-2020-6476
98 [ 13 ] CVE-2020-6477
99 https://nvd.nist.gov/vuln/detail/CVE-2020-6477
100 [ 14 ] CVE-2020-6478
101 https://nvd.nist.gov/vuln/detail/CVE-2020-6478
102 [ 15 ] CVE-2020-6479
103 https://nvd.nist.gov/vuln/detail/CVE-2020-6479
104 [ 16 ] CVE-2020-6480
105 https://nvd.nist.gov/vuln/detail/CVE-2020-6480
106 [ 17 ] CVE-2020-6481
107 https://nvd.nist.gov/vuln/detail/CVE-2020-6481
108 [ 18 ] CVE-2020-6482
109 https://nvd.nist.gov/vuln/detail/CVE-2020-6482
110 [ 19 ] CVE-2020-6483
111 https://nvd.nist.gov/vuln/detail/CVE-2020-6483
112 [ 20 ] CVE-2020-6484
113 https://nvd.nist.gov/vuln/detail/CVE-2020-6484
114 [ 21 ] CVE-2020-6485
115 https://nvd.nist.gov/vuln/detail/CVE-2020-6485
116 [ 22 ] CVE-2020-6486
117 https://nvd.nist.gov/vuln/detail/CVE-2020-6486
118 [ 23 ] CVE-2020-6487
119 https://nvd.nist.gov/vuln/detail/CVE-2020-6487
120 [ 24 ] CVE-2020-6488
121 https://nvd.nist.gov/vuln/detail/CVE-2020-6488
122 [ 25 ] CVE-2020-6489
123 https://nvd.nist.gov/vuln/detail/CVE-2020-6489
124 [ 26 ] CVE-2020-6490
125 https://nvd.nist.gov/vuln/detail/CVE-2020-6490
126 [ 27 ] CVE-2020-6491
127 https://nvd.nist.gov/vuln/detail/CVE-2020-6491
128 [ 28 ] CVE-2020-6493
129 https://nvd.nist.gov/vuln/detail/CVE-2020-6493
130 [ 29 ] CVE-2020-6494
131 https://nvd.nist.gov/vuln/detail/CVE-2020-6494
132 [ 30 ] CVE-2020-6495
133 https://nvd.nist.gov/vuln/detail/CVE-2020-6495
134 [ 31 ] CVE-2020-6496
135 https://nvd.nist.gov/vuln/detail/CVE-2020-6496
136
137 Availability
138 ============
139
140 This GLSA and any updates to it are available for viewing at
141 the Gentoo Security Website:
142
143 https://security.gentoo.org/glsa/202006-02
144
145 Concerns?
146 =========
147
148 Security is a primary focus of Gentoo Linux and ensuring the
149 confidentiality and security of our users' machines is of utmost
150 importance to us. Any security concerns should be addressed to
151 security@g.o or alternatively, you may file a bug at
152 https://bugs.gentoo.org.
153
154 License
155 =======
156
157 Copyright 2020 Gentoo Foundation, Inc; referenced text
158 belongs to its owner(s).
159
160 The contents of this document are licensed under the
161 Creative Commons - Attribution / Share Alike license.
162
163 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups