Log

AVG-1118 created at 19 Mar 2020 09:25:56
Packages
+ chromium
Issues
+ CVE-2019-20503
+ CVE-2020-6422
+ CVE-2020-6424
+ CVE-2020-6425
+ CVE-2020-6426
+ CVE-2020-6427
+ CVE-2020-6428
+ CVE-2020-6429
+ CVE-2020-6449
Status
+ Fixed
Severity
+ Medium
Affected
+ 80.0.3987.132-2
Fixed
+ 80.0.3987.149-1
Ticket
Advisory qualified
+ Yes
References
+ https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
Notes
CVE-2020-6429 created at 19 Mar 2020 09:25:56
CVE-2020-6427 created at 19 Mar 2020 09:25:56
CVE-2020-6428 created at 19 Mar 2020 09:25:56
CVE-2020-6449 created at 19 Mar 2020 09:25:56
CVE-2020-6426 created at 19 Mar 2020 09:25:56
AVG-1117 edited at 19 Mar 2020 09:22:14
Severity
- Unknown
+ Medium
CVE-2020-10648 edited at 19 Mar 2020 09:22:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ An insufficient validation issue has been found in U-Boot versions 2018.03 and 2020.0. Versions prior to 2018.03 may be affected as well. An attacker having a properly signed FIT image is able to craft arbitrary FIT images that would pass signature validation, resulting in booting and execution of untrusted code. The exploitation relies on the fact that the crafted configuration will be chosen to be booted. This may occur, for example, when the attacker is able to modify the default property of the configurations node and the setup does not explicitly choose to boot a specific configuration.
References
+ https://www.openwall.com/lists/oss-security/2020/03/18/5
+ https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
+ https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
Notes
AVG-1117 created at 19 Mar 2020 09:19:44
Packages
+ uboot-tools
Issues
+ CVE-2020-10648
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2020.01-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/03/18/5
Notes
CVE-2020-10648 created at 19 Mar 2020 09:19:44
AVG-1116 edited at 17 Mar 2020 13:20:29
Severity
- Unknown
+ High
CVE-2020-0556 edited at 17 Mar 2020 13:20:29
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ It was discovered that the HID and HOGP profile implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
+ This potentially enables escalation of privilege and denial of service via adjacent access.
References
+ https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
+ https://patchwork.kernel.org/patch/11428317/
+ https://patchwork.kernel.org/patch/11428319/
+ https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
+ https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
Notes
AVG-1116 created at 17 Mar 2020 13:17:04
Packages
+ bluez
Issues
+ CVE-2020-0556
Status
+ Fixed
Severity
+ Unknown
Affected
+ 5.53-1
Fixed
+ 5.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
+ https://www.openwall.com/lists/oss-security/2020/03/12/4
Notes
CVE-2020-0556 created at 17 Mar 2020 13:17:04
ASA-202003-11 edited at 16 Mar 2020 16:30:12