MGASA-2020-0123 - Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0123.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19923,
     CVE-2019-19925,
     CVE-2019-19926,
     CVE-2020-6381,
     CVE-2020-6382,
     CVE-2020-6383,
     CVE-2020-6384,
     CVE-2020-6385,
     CVE-2020-6386,
     CVE-2020-6387,
     CVE-2020-6388,
     CVE-2020-6389,
     CVE-2020-6390,
     CVE-2020-6391,
     CVE-2020-6392,
     CVE-2020-6393,
     CVE-2020-6394,
     CVE-2020-6395,
     CVE-2020-6396,
     CVE-2020-6397,
     CVE-2020-6398,
     CVE-2020-6399,
     CVE-2020-6400,
     CVE-2020-6401,
     CVE-2020-6402,
     CVE-2020-6403,
     CVE-2020-6404,
     CVE-2020-6405,
     CVE-2020-6406,
     CVE-2020-6407,
     CVE-2020-6408,
     CVE-2020-6409,
     CVE-2020-6410,
     CVE-2020-6411,
     CVE-2020-6412,
     CVE-2020-6413,
     CVE-2020-6414,
     CVE-2020-6415,
     CVE-2020-6416,
     CVE-2020-6418,
     CVE-2019-1819

Chromium-browser 80.0.3987.122 fixes security issues:

Multiple flaws were found in the way Chromium 79.0.3945.130 processes
various types of web content, where loading a web page containing malicious
content could cause Chromium to crash, execute arbitrary code, or disclose
sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383,
CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388,
CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393,
CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398,
CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403,
CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408,
CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413,
CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197,
CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)

Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow
issue in ICU. Since the chromium-browser-stable package is linked against
the icu packages instead of using the ICU source code bundled with chromium
upstream, this issue is fixed in the icu package.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26269
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
- https://unicode-org.atlassian.net/browse/ICU-20958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

SRPMS:
- 7/core/chromium-browser-stable-80.0.3987.122-1.mga7
- 7/core/icu-63.1-1.2.mga7

Mageia 2020-0123: chromium-browser-stable security update

Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page ...

Summary

Chromium-browser 80.0.3987.122 fixes security issues:
Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)
Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow iss...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26269

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html

- https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

- https://unicode-org.atlassian.net/browse/ICU-20958

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

Resolution

MGASA-2020-0123 - Updated chromium-browser-stable packages fix security vulnerabilities

SRPMS

- 7/core/chromium-browser-stable-80.0.3987.122-1.mga7

- 7/core/icu-63.1-1.2.mga7

Severity
Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0123.html
Type: security
CVE: CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-1819

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved