Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0024
chromium security update
4 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: chromium
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-16042 CVE-2020-16041 CVE-2020-16040
CVE-2020-16039 CVE-2020-16038 CVE-2020-16037
CVE-2020-16036 CVE-2020-16035 CVE-2020-16034
CVE-2020-16033 CVE-2020-16032 CVE-2020-16031
CVE-2020-16030 CVE-2020-16029 CVE-2020-16028
CVE-2020-16027 CVE-2020-16026 CVE-2020-16025
CVE-2020-16024 CVE-2020-16023 CVE-2020-16022
CVE-2020-16021 CVE-2020-16020 CVE-2020-16019
CVE-2020-16018 CVE-2020-16017 CVE-2020-16016
CVE-2020-16015 CVE-2020-16014 CVE-2020-16013
CVE-2020-16012 CVE-2020-16011 CVE-2020-16009
CVE-2020-16008 CVE-2020-16007 CVE-2020-16006
CVE-2020-16005 CVE-2020-16004 CVE-2020-16003
CVE-2020-16002 CVE-2020-16001 CVE-2020-16000
CVE-2020-15999 CVE-2020-15992 CVE-2020-15991
CVE-2020-15990 CVE-2020-15989 CVE-2020-15988
CVE-2020-15987 CVE-2020-15986 CVE-2020-15985
CVE-2020-15984 CVE-2020-15983 CVE-2020-15982
CVE-2020-15981 CVE-2020-15980 CVE-2020-15979
CVE-2020-15978 CVE-2020-15977 CVE-2020-15976
CVE-2020-15975 CVE-2020-15974 CVE-2020-15973
CVE-2020-15972 CVE-2020-15971 CVE-2020-15970
CVE-2020-15969 CVE-2020-15968 CVE-2020-15967
CVE-2020-15966 CVE-2020-15965 CVE-2020-15964
CVE-2020-15963 CVE-2020-15962 CVE-2020-15961
CVE-2020-15960 CVE-2020-15959 CVE-2020-6576
CVE-2020-6575 CVE-2020-6574 CVE-2020-6573
CVE-2020-6571 CVE-2020-6570 CVE-2020-6569
CVE-2020-6568 CVE-2020-6567 CVE-2020-6566
CVE-2020-6565 CVE-2020-6564 CVE-2020-6563
CVE-2020-6562 CVE-2020-6561 CVE-2020-6560
CVE-2020-6559 CVE-2020-6558 CVE-2020-6557
CVE-2020-6556 CVE-2020-6555 CVE-2020-6554
CVE-2020-6553 CVE-2020-6552 CVE-2020-6551
CVE-2020-6550 CVE-2020-6549 CVE-2020-6548
CVE-2020-6547 CVE-2020-6546 CVE-2020-6545
CVE-2020-6544 CVE-2020-6543 CVE-2020-6542
CVE-2020-6541 CVE-2020-6540 CVE-2020-6539
CVE-2020-6538 CVE-2020-6537 CVE-2020-6536
CVE-2020-6535 CVE-2020-6534 CVE-2020-6533
CVE-2020-6532 CVE-2020-6531 CVE-2020-6530
CVE-2020-6529 CVE-2020-6528 CVE-2020-6527
CVE-2020-6526 CVE-2020-6525 CVE-2020-6524
CVE-2020-6523 CVE-2020-6522 CVE-2020-6521
CVE-2020-6520 CVE-2020-6519 CVE-2020-6518
CVE-2020-6517 CVE-2020-6516 CVE-2020-6515
CVE-2020-6514 CVE-2020-6513 CVE-2020-6512
CVE-2020-6511 CVE-2020-6510 CVE-2019-8075
Reference: ESB-2020.4524
ESB-2020.4523
ESB-2020.4515
Original Bulletin:
http://www.debian.org/security/2021/dsa-4824
- --------------------------BEGIN INCLUDED TEXT--------------------
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4824-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2021 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512
CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516
CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520
CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528
CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532
CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536
CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540
CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544
CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548
CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552
CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556
CVE-2020-6557 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560
CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564
CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568
CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573
CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959
CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963
CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967
CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975
CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979
CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991
CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001
CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005
CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009
CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014
CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018
CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026
CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030
CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038
CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042
Multiple security issues were discovered in the Chromium web browser, which
could result in the execution of arbitrary code, denial of service
or information disclosure.
For the stable distribution (buster), these problems have been fixed in
version 87.0.4280.88-0.4~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/vbOYACgkQEMKTtsN8
TjZ50xAAhZSmLpG4R8V7GruUaREAgbaxrpwMwEo2U0v87qe0okMFsdRPgQjDDswF
cAgfyd5Ily5TjnhFTjY5+O523v92cTDsRL7sI+9g3fVk03Nuzlb3uEPU9te/smGj
1jr9LHseh+PpGxq+VvXs78yHs5OmgFLUsk5dd4MtGqdc9gDuOro5ssf4QuGZdmMs
OtJtRgDNGNTaaS9IouGImfrSULFSSR4A+/RKhRfCAZCigQTdvfHpFjVVvOBG8+Rr
7Vj2QBkX9RI9k6u0k+5Op3uLUeWZkEOvXHFdduGdg6FCk8hNdmILfA/V1hvVCkUP
/3S688CrHbarT1oCiJxr50zmXNRP0lXY2NHyW+VytGL5d9yUL5C9lrN74EUwEAp9
/S0/kWg8MdTX+3VlaO8E6rduZfIRswddJ8zLOtP+ZUlm7P4K83ukCgwFhfuoi4Ut
AguW5sNKTvTmuudKcO+aSb9hTZS+NCcEyyPnYCBMqH7YConmkqEWWWiryXGkSTSw
bs+DOI9ufG6aToQmIVDpa3F8ECF+cwzeaHNHVzgCfndJ4/7ScA0h/Z8NHrk7TgB0
dj7YE6j12SQTR1UpUecWXxz8ZKECc9dULuEAi5dCuwVG+v8HTjvNSUDBojtPP4Ge
R2LYlv9ZBAw5IyV987wmJcf6cBK0MsOEtY+7FGGmu8wPiQkc/MQ=
=p5Di
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX/KZTuNLKJtyKPYoAQglHBAAmdzOaB3CDESYsYHjKVe186RdwpzYKq3q
HZgH6lIk6TDPfqgF6/JWR5jmc48OsAusanSc5GrHmyCjVT69c0G411/iV8iBnnYE
VPt5QrJjBsl8Xn4Hgt/hSzjJxS7E7PP3idwZZbQUjvNTznlzgLqMDYOWXd0aotRE
T4RVxRDIyrTxJnF+Tr7ZII4GuRKKQ85eBKK1RHk0/n/XYSLyUQ78B0+NuVWrEwsB
PVvmdDikOM5qJtw+cxdYQlSQe7NeOIMd1ygaXJcRA+Pyg9WT2K9vwVz628GIQnW5
e9FW/FH3tRkxF5NYPaUnTKlQVNbBCbOg8BMuLVX3AhpDqb+RMaWCE1n1JpD0SDZC
1J3tq10UPZ6Ma1k4J0nE4nmDRMOQkAf3F2j0V8nGQoJcltAUFSpUKqqQfaGA+J4+
h0437UEpjZe2hIfK8AwE8nel2hPmMRzScV+7rSP6f1YGYETULk9QirJ9jEPo1/7K
k7tIKJ6i+DgVcV7rJj62eYllugvd58PBGsrglwFQNK/BLWJNQeOEBVniB+3cHJQx
g/FGghG9FhvuNmHZsbIhgzQR2hG55TQbkie4RanSku8m/umePdhG5Xmn38Oe9Rqp
sWuxZZ7AV8iBGthgi+1tGGemIZEou8btnUF6kbKaU0BkNiYRdaRJDvKCkzRFDuRl
8vXQnLfcIgc=
=ORlp
-----END PGP SIGNATURE-----