Operating System:

[Debian]

Published:

04 January 2021

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0024
                         chromium security update
                              4 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16042 CVE-2020-16041 CVE-2020-16040
                   CVE-2020-16039 CVE-2020-16038 CVE-2020-16037
                   CVE-2020-16036 CVE-2020-16035 CVE-2020-16034
                   CVE-2020-16033 CVE-2020-16032 CVE-2020-16031
                   CVE-2020-16030 CVE-2020-16029 CVE-2020-16028
                   CVE-2020-16027 CVE-2020-16026 CVE-2020-16025
                   CVE-2020-16024 CVE-2020-16023 CVE-2020-16022
                   CVE-2020-16021 CVE-2020-16020 CVE-2020-16019
                   CVE-2020-16018 CVE-2020-16017 CVE-2020-16016
                   CVE-2020-16015 CVE-2020-16014 CVE-2020-16013
                   CVE-2020-16012 CVE-2020-16011 CVE-2020-16009
                   CVE-2020-16008 CVE-2020-16007 CVE-2020-16006
                   CVE-2020-16005 CVE-2020-16004 CVE-2020-16003
                   CVE-2020-16002 CVE-2020-16001 CVE-2020-16000
                   CVE-2020-15999 CVE-2020-15992 CVE-2020-15991
                   CVE-2020-15990 CVE-2020-15989 CVE-2020-15988
                   CVE-2020-15987 CVE-2020-15986 CVE-2020-15985
                   CVE-2020-15984 CVE-2020-15983 CVE-2020-15982
                   CVE-2020-15981 CVE-2020-15980 CVE-2020-15979
                   CVE-2020-15978 CVE-2020-15977 CVE-2020-15976
                   CVE-2020-15975 CVE-2020-15974 CVE-2020-15973
                   CVE-2020-15972 CVE-2020-15971 CVE-2020-15970
                   CVE-2020-15969 CVE-2020-15968 CVE-2020-15967
                   CVE-2020-15966 CVE-2020-15965 CVE-2020-15964
                   CVE-2020-15963 CVE-2020-15962 CVE-2020-15961
                   CVE-2020-15960 CVE-2020-15959 CVE-2020-6576
                   CVE-2020-6575 CVE-2020-6574 CVE-2020-6573
                   CVE-2020-6571 CVE-2020-6570 CVE-2020-6569
                   CVE-2020-6568 CVE-2020-6567 CVE-2020-6566
                   CVE-2020-6565 CVE-2020-6564 CVE-2020-6563
                   CVE-2020-6562 CVE-2020-6561 CVE-2020-6560
                   CVE-2020-6559 CVE-2020-6558 CVE-2020-6557
                   CVE-2020-6556 CVE-2020-6555 CVE-2020-6554
                   CVE-2020-6553 CVE-2020-6552 CVE-2020-6551
                   CVE-2020-6550 CVE-2020-6549 CVE-2020-6548
                   CVE-2020-6547 CVE-2020-6546 CVE-2020-6545
                   CVE-2020-6544 CVE-2020-6543 CVE-2020-6542
                   CVE-2020-6541 CVE-2020-6540 CVE-2020-6539
                   CVE-2020-6538 CVE-2020-6537 CVE-2020-6536
                   CVE-2020-6535 CVE-2020-6534 CVE-2020-6533
                   CVE-2020-6532 CVE-2020-6531 CVE-2020-6530
                   CVE-2020-6529 CVE-2020-6528 CVE-2020-6527
                   CVE-2020-6526 CVE-2020-6525 CVE-2020-6524
                   CVE-2020-6523 CVE-2020-6522 CVE-2020-6521
                   CVE-2020-6520 CVE-2020-6519 CVE-2020-6518
                   CVE-2020-6517 CVE-2020-6516 CVE-2020-6515
                   CVE-2020-6514 CVE-2020-6513 CVE-2020-6512
                   CVE-2020-6511 CVE-2020-6510 CVE-2019-8075

Reference:         ESB-2020.4524
                   ESB-2020.4523
                   ESB-2020.4515

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4824

- --------------------------BEGIN INCLUDED TEXT--------------------

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4824-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 01, 2021                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 
                 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 
                 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 
                 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 
                 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 
                 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 
                 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 
                 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 
                 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 
                 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 
                 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 
                 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 
                 CVE-2020-6557 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 
                 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 
                 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 
                 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 
                 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959 
                 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 
                 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 
                 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 
                 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 
                 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 
                 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 
                 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 
                 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 
                 CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 
                 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 
                 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 
                 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 
                 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 
                 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 
                 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 
                 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 
                 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 
                 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 
                 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042

Multiple security issues were discovered in the Chromium web browser, which
could result in the execution of arbitrary code, denial of service
or information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 87.0.4280.88-0.4~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/vbOYACgkQEMKTtsN8
TjZ50xAAhZSmLpG4R8V7GruUaREAgbaxrpwMwEo2U0v87qe0okMFsdRPgQjDDswF
cAgfyd5Ily5TjnhFTjY5+O523v92cTDsRL7sI+9g3fVk03Nuzlb3uEPU9te/smGj
1jr9LHseh+PpGxq+VvXs78yHs5OmgFLUsk5dd4MtGqdc9gDuOro5ssf4QuGZdmMs
OtJtRgDNGNTaaS9IouGImfrSULFSSR4A+/RKhRfCAZCigQTdvfHpFjVVvOBG8+Rr
7Vj2QBkX9RI9k6u0k+5Op3uLUeWZkEOvXHFdduGdg6FCk8hNdmILfA/V1hvVCkUP
/3S688CrHbarT1oCiJxr50zmXNRP0lXY2NHyW+VytGL5d9yUL5C9lrN74EUwEAp9
/S0/kWg8MdTX+3VlaO8E6rduZfIRswddJ8zLOtP+ZUlm7P4K83ukCgwFhfuoi4Ut
AguW5sNKTvTmuudKcO+aSb9hTZS+NCcEyyPnYCBMqH7YConmkqEWWWiryXGkSTSw
bs+DOI9ufG6aToQmIVDpa3F8ECF+cwzeaHNHVzgCfndJ4/7ScA0h/Z8NHrk7TgB0
dj7YE6j12SQTR1UpUecWXxz8ZKECc9dULuEAi5dCuwVG+v8HTjvNSUDBojtPP4Ge
R2LYlv9ZBAw5IyV987wmJcf6cBK0MsOEtY+7FGGmu8wPiQkc/MQ=
=p5Di
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX/KZTuNLKJtyKPYoAQglHBAAmdzOaB3CDESYsYHjKVe186RdwpzYKq3q
HZgH6lIk6TDPfqgF6/JWR5jmc48OsAusanSc5GrHmyCjVT69c0G411/iV8iBnnYE
VPt5QrJjBsl8Xn4Hgt/hSzjJxS7E7PP3idwZZbQUjvNTznlzgLqMDYOWXd0aotRE
T4RVxRDIyrTxJnF+Tr7ZII4GuRKKQ85eBKK1RHk0/n/XYSLyUQ78B0+NuVWrEwsB
PVvmdDikOM5qJtw+cxdYQlSQe7NeOIMd1ygaXJcRA+Pyg9WT2K9vwVz628GIQnW5
e9FW/FH3tRkxF5NYPaUnTKlQVNbBCbOg8BMuLVX3AhpDqb+RMaWCE1n1JpD0SDZC
1J3tq10UPZ6Ma1k4J0nE4nmDRMOQkAf3F2j0V8nGQoJcltAUFSpUKqqQfaGA+J4+
h0437UEpjZe2hIfK8AwE8nel2hPmMRzScV+7rSP6f1YGYETULk9QirJ9jEPo1/7K
k7tIKJ6i+DgVcV7rJj62eYllugvd58PBGsrglwFQNK/BLWJNQeOEBVniB+3cHJQx
g/FGghG9FhvuNmHZsbIhgzQR2hG55TQbkie4RanSku8m/umePdhG5Xmn38Oe9Rqp
sWuxZZ7AV8iBGthgi+1tGGemIZEou8btnUF6kbKaU0BkNiYRdaRJDvKCkzRFDuRl
8vXQnLfcIgc=
=ORlp
-----END PGP SIGNATURE-----