Test ID: 1.3.6.1.4.1.25623.1.0.853294
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for chromium (openSUSE-SU-2020:1021-1)
Summary: The remote host is missing an update for the 'chromium' package(s) announced via the openSUSE-SU-2020:1021-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'chromium'
package(s) announced via the openSUSE-SU-2020:1021-1 advisory.

Vulnerability Insight:
This update for chromium fixes the following issues:

- Update to 84.0.4147.89 boo#1174189:

* Critical CVE-2020-6510: Heap buffer overflow in background fetch.

* High CVE-2020-6511: Side-channel information leakage in content
security policy.

* High CVE-2020-6512: Type Confusion in V8.

* High CVE-2020-6513: Heap buffer overflow in PDFium.

* High CVE-2020-6514: Inappropriate implementation in WebRTC.

* High CVE-2020-6515: Use after free in tab strip.

* High CVE-2020-6516: Policy bypass in CORS.

* High CVE-2020-6517: Heap buffer overflow in history.

* Medium CVE-2020-6518: Use after free in developer tools.

* Medium CVE-2020-6519: Policy bypass in CSP.

* Medium CVE-2020-6520: Heap buffer overflow in Skia.

* Medium CVE-2020-6521: Side-channel information leakage in autofill.

* Medium CVE-2020-6522: Inappropriate implementation in external
protocol handlers.

* Medium CVE-2020-6523: Out of bounds write in Skia.

* Medium CVE-2020-6524: Heap buffer overflow in WebAudio.

* Medium CVE-2020-6525: Heap buffer overflow in Skia.

* Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.

* Low CVE-2020-6527: Insufficient policy enforcement in CSP.

* Low CVE-2020-6528: Incorrect security UI in basic auth.

* Low CVE-2020-6529: Inappropriate implementation in WebRTC.

* Low CVE-2020-6530: Out of bounds memory access in developer tools.

* Low CVE-2020-6531: Side-channel information leakage in scroll to text.

* Low CVE-2020-6533: Type Confusion in V8.

* Low CVE-2020-6534: Heap buffer overflow in WebRTC.

* Low CVE-2020-6535: Insufficient data validation in WebUI.

* Low CVE-2020-6536: Incorrect security UI in PWAs.

- Use bundled xcb-proto as we need to generate py2 bindings

- Try to fix non-wayland build for Leap builds


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1021=1

Affected Software/OS:
'chromium' package(s) on openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2020-6510
Debian Security Information: DSA-4824
https://www.debian.org/security/2021/dsa-4824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
https://security.gentoo.org/glsa/202007-08
https://security.gentoo.org/glsa/202101-30
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
https://crbug.com/1103195
SuSE Security Announcement: openSUSE-SU-2020:1048
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
SuSE Security Announcement: openSUSE-SU-2020:1061
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
SuSE Security Announcement: openSUSE-SU-2020:1148
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
SuSE Security Announcement: openSUSE-SU-2020:1172
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-6511
https://crbug.com/1074317
Common Vulnerability Exposure (CVE) ID: CVE-2020-6512
https://crbug.com/1084820
Common Vulnerability Exposure (CVE) ID: CVE-2020-6513
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1092
https://crbug.com/1091404
Common Vulnerability Exposure (CVE) ID: CVE-2020-6514
Debian Security Information: DSA-4736
https://www.debian.org/security/2020/dsa-4736
Debian Security Information: DSA-4740
https://www.debian.org/security/2020/dsa-4740
https://security.gentoo.org/glsa/202007-64
http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html
https://crbug.com/1076703
https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
SuSE Security Announcement: openSUSE-SU-2020:1147
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:1155
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
SuSE Security Announcement: openSUSE-SU-2020:1179
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:1189
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2020:1205
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
https://usn.ubuntu.com/4443-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6515
https://crbug.com/1082755
Common Vulnerability Exposure (CVE) ID: CVE-2020-6516
https://crbug.com/1092449
Common Vulnerability Exposure (CVE) ID: CVE-2020-6517
https://crbug.com/1095560
Common Vulnerability Exposure (CVE) ID: CVE-2020-6518
https://crbug.com/986051
Common Vulnerability Exposure (CVE) ID: CVE-2020-6519
http://packetstormsecurity.com/files/160353/Chromium-83-CSP-Bypass.html
https://crbug.com/1064676
Common Vulnerability Exposure (CVE) ID: CVE-2020-6520
https://crbug.com/1092274
Common Vulnerability Exposure (CVE) ID: CVE-2020-6521
https://crbug.com/1075734
Common Vulnerability Exposure (CVE) ID: CVE-2020-6522
https://crbug.com/1052093
Common Vulnerability Exposure (CVE) ID: CVE-2020-6523
https://crbug.com/1080481
Common Vulnerability Exposure (CVE) ID: CVE-2020-6524
https://crbug.com/1081722
Common Vulnerability Exposure (CVE) ID: CVE-2020-6525
https://crbug.com/1091670
Common Vulnerability Exposure (CVE) ID: CVE-2020-6526
https://crbug.com/1074340
Common Vulnerability Exposure (CVE) ID: CVE-2020-6527
https://crbug.com/992698
Common Vulnerability Exposure (CVE) ID: CVE-2020-6528
https://crbug.com/1063690
Common Vulnerability Exposure (CVE) ID: CVE-2020-6529
https://crbug.com/978779
Common Vulnerability Exposure (CVE) ID: CVE-2020-6530
https://crbug.com/1016278
Common Vulnerability Exposure (CVE) ID: CVE-2020-6531
https://crbug.com/1042986
Common Vulnerability Exposure (CVE) ID: CVE-2020-6533
https://crbug.com/1069964
Common Vulnerability Exposure (CVE) ID: CVE-2020-6534
https://crbug.com/1072412
Common Vulnerability Exposure (CVE) ID: CVE-2020-6535
https://crbug.com/1073409
Common Vulnerability Exposure (CVE) ID: CVE-2020-6536
https://crbug.com/1080934
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
