https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

FEDORA-2020-10ec8aca61

FEDORA-2020-3e005ce2e0

DSA-4824

This update for chromium fixes the following issues :

  - Update to 87.0.4280.66 (boo#1178923)

  - Wayland support by default

  - CVE-2020-16018: Use after free in payments. 

  - CVE-2020-16019: Inappropriate implementation in     filesystem. 

  - CVE-2020-16020: Inappropriate implementation in     cryptohome. 

  - CVE-2020-16021: Race in ImageBurner. 

  - CVE-2020-16022: Insufficient policy enforcement in     networking. 

  - CVE-2020-16015: Insufficient data validation in WASM. R

  - CVE-2020-16014: Use after free in PPAPI. 

  - CVE-2020-16023: Use after free in WebCodecs. 

  - CVE-2020-16024: Heap buffer overflow in UI.

  - CVE-2020-16025: Heap buffer overflow in clipboard. 

  - CVE-2020-16026: Use after free in WebRTC. 

  - CVE-2020-16027: Insufficient policy enforcement in     developer tools. R

  - CVE-2020-16028: Heap buffer overflow in WebRTC. 

  - CVE-2020-16029: Inappropriate implementation in PDFium. 

  - CVE-2020-16030: Insufficient data validation in Blink. 

  - CVE-2019-8075: Insufficient data validation in Flash. 

  - CVE-2020-16031: Incorrect security UI in tab preview. 

  - CVE-2020-16032: Incorrect security UI in sharing.

  - CVE-2020-16033: Incorrect security UI in WebUSB. 

  - CVE-2020-16034: Inappropriate implementation in WebRTC. 

  - CVE-2020-16035: Insufficient data validation in     cros-disks.

  - CVE-2020-16012: Side-channel information leakage in     graphics. 

  - CVE-2020-16036: Inappropriate implementation in cookies.

Update to 87.0.4280.66. Fixes bugs and security holes. Yay!

CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036

----

Update to 86.0.4240.198. Fixes the following security issues :

CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

----

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 87.0.4280.66. Fixes bugs and security holes. Yay!

CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory.

  - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability.
    Successful exploitation could lead to Information Disclosure in the context of the current user.
    (CVE-2019-8075)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote host is prior to 87.0.4280.66. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop_17 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.66. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.66. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.192. It is therefore affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an unspecified     use-after-free to occur. An unauthenticated, remote     attacker could exploit this to execute arbitrary code     (CVE-2019-7845)

  - An unspecified flaw exists that allows same origin     policy bypass leading to information disclosure.
    (CVE-2019-8075)

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.192. It is therefore affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an unspecified     use-after-free to occur. An unauthenticated, remote     attacker could exploit this to execute arbitrary code     (CVE-2019-7845)

  - An unspecified flaw exists that allows same origin     policy bypass leading to information disclosure.
    (CVE-2019-8075)

ID	Name	Product	Family	Severity
143333	openSUSE Security Update : chromium (openSUSE-2020-2021)	Nessus	SuSE Local Security Checks	high
143303	openSUSE Security Update : chromium (openSUSE-2020-2032)	Nessus	SuSE Local Security Checks	high
143227	Fedora 32 : chromium (2020-3e005ce2e0)	Nessus	Fedora Local Security Checks	high
143176	Fedora 33 : chromium (2020-10ec8aca61)	Nessus	Fedora Local Security Checks	high
143156	Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities	Nessus	Windows	high
701293	Google Chrome < 87.0.4280.66 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
142971	Google Chrome < 87.0.4280.66 Multiple Vulnerabilities	Nessus	Windows	high
142970	Google Chrome < 87.0.4280.66 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
125815	Adobe Flash Player <= 32.0.0.192 (APSB19-30)	Nessus	Windows	high
125814	Adobe Flash Player for Mac <= 32.0.0.192 (APSB19-30)	Nessus	MacOS X Local Security Checks	high

CVE-2019-8075

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high

high

high

high