Advisories » MGASA-2020-0123

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 06 Mar 2020
Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19923 , CVE-2019-19925 , CVE-2019-19926 , CVE-2020-6381 , CVE-2020-6382 , CVE-2020-6383 , CVE-2020-6384 , CVE-2020-6385 , CVE-2020-6386 , CVE-2020-6387 , CVE-2020-6388 , CVE-2020-6389 , CVE-2020-6390 , CVE-2020-6391 , CVE-2020-6392 , CVE-2020-6393 , CVE-2020-6394 , CVE-2020-6395 , CVE-2020-6396 , CVE-2020-6397 , CVE-2020-6398 , CVE-2020-6399 , CVE-2020-6400 , CVE-2020-6401 , CVE-2020-6402 , CVE-2020-6403 , CVE-2020-6404 , CVE-2020-6405 , CVE-2020-6406 , CVE-2020-6407 , CVE-2020-6408 , CVE-2020-6409 , CVE-2020-6410 , CVE-2020-6411 , CVE-2020-6412 , CVE-2020-6413 , CVE-2020-6414 , CVE-2020-6415 , CVE-2020-6416 , CVE-2020-6418 , CVE-2019-1819

Description

Chromium-browser 80.0.3987.122 fixes security issues:

Multiple flaws were found in the way Chromium 79.0.3945.130 processes
various types of web content, where loading a web page containing malicious
content could cause Chromium to crash, execute arbitrary code, or disclose
sensitive information. (CVE-2020-6381, CVE-2020-6382, CVE-2020-6383,
CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388,
CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393,
CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398,
CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403,
CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408,
CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413,
CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2019-18197,
CVE-2019-19923, CVE-2019-19925, CVE-2019-19926)

Upstream chromium 80.0.3987.122 also includes a fix for an integer overflow
issue in ICU. Since the chromium-browser-stable package is linked against
the icu packages instead of using the ICU source code bundled with chromium
upstream, this issue is fixed in the icu package.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26269
• https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
• https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_11.html
• https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_13.html
• https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
• https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
• https://unicode-org.atlassian.net/browse/ICU-20958
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6384
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6386
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

SRPMS

7/core

• chromium-browser-stable-80.0.3987.122-1.mga7
• icu-63.1-1.2.mga7