MGASA-2020-0123 - Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0123.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19923,
     CVE-2019-19925,
     CVE-2019-19926,
     CVE-2020-6381,
     CVE-2020-6382,
     CVE-2020-6383,
     CVE-2020-6384,
     CVE-2020-6385,
     CVE-2020-6386,
     CVE-2020-6387,
     CVE-2020-6388,
     CVE-2020-6389,
     CVE-2020-6390,
     CVE-2020-6391,
     CVE-2020-6392,
     CVE-2020-6393,
     CVE-2020-6394,
     CVE-2020-6395,
     CVE-2020-6396,
     CVE-2020-6397,
     CVE-2020-6398,
     CVE-2020-6399,
     CVE-2020-6400,
     CVE-2020-6401,
     CVE-2020-6402,
     CVE-2020-6403,
     CVE-2020-6404,
     CVE-2020-6405,
     CVE-2020-6406,
     CVE-2020-6407,
     CVE-2020-6408,
     CVE-2020-6409,
     CVE-2020-6410,
     CVE-2020-6411,
     CVE-2020-6412,
     CVE-2020-6413,
     CVE-2020-6414,
     CVE-2020-6415,
     CVE-2020-6416,
     CVE-2020-6418,
     CVE-2019-1819

Chromium-browser 80.0.3987.122 fixes security issues:

Multiple flaws were found in the way Chromium 79.0.3945.130 processes
various types of web content, where loading a web page containing malicious
content could cause Chromium to crash, execute arbitrary code, or disclose
sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383,
CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388,
CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393,
CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398,
CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403,
CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408,
CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413,
CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197,
CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)

Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow
issue in ICU. Since the chromium-browser-stable package is linked against
the icu packages instead of using the ICU source code bundled with chromium
upstream, this issue is fixed in the icu package.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26269
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
- https://unicode-org.atlassian.net/browse/ICU-20958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

SRPMS:
- 7/core/chromium-browser-stable-80.0.3987.122-1.mga7
- 7/core/icu-63.1-1.2.mga7

Mageia 2020-0123: chromium-browser-stable security update

Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page ...

Summary

Chromium-browser 80.0.3987.122 fixes security issues:
Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)
Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow issue in ICU. Since the chromium-browser-stable package is linked against the icu packages instead of using the ICU source code bundled with chromium upstream, this issue is fixed in the icu package.

References

- https://bugs.mageia.org/show_bug.cgi?id=26269

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

- https://unicode-org.atlassian.net/browse/ICU-20958

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

Resolution

MGASA-2020-0123 - Updated chromium-browser-stable packages fix security vulnerabilities

SRPMS

- 7/core/chromium-browser-stable-80.0.3987.122-1.mga7

- 7/core/icu-63.1-1.2.mga7

Severity
Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0123.html
Type: security
CVE: CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-1819

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved