
[ASA-202005-2] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202005-2
=========================================

Severity: High
Date    : 2020-05-06
CVE-ID  : CVE-2020-6464 CVE-2020-6831
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1149

Summary
=======

The package chromium before version 81.0.4044.138-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 81.0.4044.138-1.

# pacman -Syu "chromium>=81.0.4044.138-1"

The problems have been fixed upstream in version 81.0.4044.138.

Workaround
==========

None.

Description
===========

- CVE-2020-6464 (arbitrary code execution)

A type confusion issue has been found in the Blink component of the
chromium browser before 81.0.4044.138.

- CVE-2020-6831 (arbitrary code execution)

A buffer overflow could occur when parsing and validating SCTP chunks
in WebRTC, in Firefox before 76.0, Thunderbird before 68.8.0 and
chromium before 81.0.4044.138. This could have led to memory corruption
and a potentially exploitable crash.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
https://crbug.com/1071059
https://bugzilla.mozilla.org/show_bug.cgi?id=1632241
https://crbug.com/1073602
https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831
https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
https://security.archlinux.org/CVE-2020-6464
https://security.archlinux.org/CVE-2020-6831
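
A check for the Resolution step across several hosts, added here as an example and not part of the advisory: it flags every host whose chromium package is older than the fixed version 81.0.4044.138-1. The "host package version" inventory format, the hostnames and the sample versions are constructed; the `sort -V` fallback assumes plain dotted-numeric versions without an epoch.

```shell
#!/bin/sh
# Fixed package version, taken from the advisory.
FIXED="81.0.4044.138-1"

# ver_lt A B: succeed when version A sorts strictly before version B.
# Uses pacman's own vercmp when it is installed; otherwise falls back to
# `sort -V` (assumption: versions are dotted-numeric pkgver-pkgrel
# strings with no epoch, as chromium's are).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# audit_chromium: read "host package version" lines on stdin (for example
# the output of `pacman -Q chromium` collected per host, prefixed with the
# hostname) and print the hosts still below the fixed version.
audit_chromium() {
    while read -r host pkg ver; do
        [ "$pkg" = "chromium" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s VULNERABLE %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    cat <<'EOF'
build01 chromium 81.0.4044.129-1
desk02 chromium 81.0.4044.138-1
desk03 chromium 80.0.3987.163-1
lap04 firefox 75.0-1
lap05 chromium 83.0.4103.61-1
EOF
}

audit_chromium_sample() { sample_inventory | audit_chromium; }

audit_chromium_sample
```

Hosts reported as VULNERABLE need the `pacman -Syu` upgrade from the Resolution section; the advisory lists no workaround.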