Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202010-01 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Sat, 17 Oct 2020 09:08:30
Message-Id: 565A5564-7E2A-4471-A484-E8F3844D7E63@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202010-01
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: October 17, 2020
10 Bugs: #747013
11 ID: 202010-01
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 86.0.4240.75 >= 86.0.4240.75
37 2 www-client/google-chrome
38 < 86.0.4240.75 >= 86.0.4240.75
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-86.0.4240.75"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/google-chrome-86.0.4240.75"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-15967
75 https://nvd.nist.gov/vuln/detail/CVE-2020-15967
76 [ 2 ] CVE-2020-15968
77 https://nvd.nist.gov/vuln/detail/CVE-2020-15968
78 [ 3 ] CVE-2020-15969
79 https://nvd.nist.gov/vuln/detail/CVE-2020-15969
80 [ 4 ] CVE-2020-15970
81 https://nvd.nist.gov/vuln/detail/CVE-2020-15970
82 [ 5 ] CVE-2020-15971
83 https://nvd.nist.gov/vuln/detail/CVE-2020-15971
84 [ 6 ] CVE-2020-15972
85 https://nvd.nist.gov/vuln/detail/CVE-2020-15972
86 [ 7 ] CVE-2020-15973
87 https://nvd.nist.gov/vuln/detail/CVE-2020-15973
88 [ 8 ] CVE-2020-15974
89 https://nvd.nist.gov/vuln/detail/CVE-2020-15974
90 [ 9 ] CVE-2020-15975
91 https://nvd.nist.gov/vuln/detail/CVE-2020-15975
92 [ 10 ] CVE-2020-15976
93 https://nvd.nist.gov/vuln/detail/CVE-2020-15976
94 [ 11 ] CVE-2020-15977
95 https://nvd.nist.gov/vuln/detail/CVE-2020-15977
96 [ 12 ] CVE-2020-15978
97 https://nvd.nist.gov/vuln/detail/CVE-2020-15978
98 [ 13 ] CVE-2020-15979
99 https://nvd.nist.gov/vuln/detail/CVE-2020-15979
100 [ 14 ] CVE-2020-15980
101 https://nvd.nist.gov/vuln/detail/CVE-2020-15980
102 [ 15 ] CVE-2020-15981
103 https://nvd.nist.gov/vuln/detail/CVE-2020-15981
104 [ 16 ] CVE-2020-15982
105 https://nvd.nist.gov/vuln/detail/CVE-2020-15982
106 [ 17 ] CVE-2020-15983
107 https://nvd.nist.gov/vuln/detail/CVE-2020-15983
108 [ 18 ] CVE-2020-15984
109 https://nvd.nist.gov/vuln/detail/CVE-2020-15984
110 [ 19 ] CVE-2020-15985
111 https://nvd.nist.gov/vuln/detail/CVE-2020-15985
112 [ 20 ] CVE-2020-15986
113 https://nvd.nist.gov/vuln/detail/CVE-2020-15986
114 [ 21 ] CVE-2020-15987
115 https://nvd.nist.gov/vuln/detail/CVE-2020-15987
116 [ 22 ] CVE-2020-15988
117 https://nvd.nist.gov/vuln/detail/CVE-2020-15988
118 [ 23 ] CVE-2020-15989
119 https://nvd.nist.gov/vuln/detail/CVE-2020-15989
120 [ 24 ] CVE-2020-15990
121 https://nvd.nist.gov/vuln/detail/CVE-2020-15990
122 [ 25 ] CVE-2020-15991
123 https://nvd.nist.gov/vuln/detail/CVE-2020-15991
124 [ 26 ] CVE-2020-15992
125 https://nvd.nist.gov/vuln/detail/CVE-2020-15992
126 [ 27 ] CVE-2020-6557
127 https://nvd.nist.gov/vuln/detail/CVE-2020-6557
128
129 Availability
130 ============
131
132 This GLSA and any updates to it are available for viewing at
133 the Gentoo Security Website:
134
135 https://security.gentoo.org/glsa/202010-01
136
137 Concerns?
138 =========
139
140 Security is a primary focus of Gentoo Linux and ensuring the
141 confidentiality and security of our users' machines is of utmost
142 importance to us. Any security concerns should be addressed to
143 security@g.o or alternatively, you may file a bug at
144 https://bugs.gentoo.org.
145
146 License
147 =======
148
149 Copyright 2020 Gentoo Foundation, Inc; referenced text
150 belongs to its owner(s).
151
152 The contents of this document are licensed under the
153 Creative Commons - Attribution / Share Alike license.
154
155 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups