RHEL 6 : chromium-browser (RHSA-2020:0514)

high Nessus Plugin ID 133749

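Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0514 advisory.

- libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

- sqlite: error mishandling because of incomplete fix of CVE-2019-19926 (CVE-2019-19880)

- sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)

- sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)

- sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)

- chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

- chromium-browser: Type confusion in JavaScript (CVE-2020-6382)

- chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)

- chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387, CVE-2020-6389)

- chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

- chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

- chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)

- chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)

- chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393, CVE-2020-6394)

- chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

- chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

- chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

- chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

- chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)

- chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

- chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401, CVE-2020-6411, CVE-2020-6412)

- chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)

- chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

- chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404, CVE-2020-6413)

- sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

- chromium-browser: Use after free in audio (CVE-2020-6406)

- chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

- chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

- chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)

- chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)

- chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)

- chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

- chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)

- chromium-browser: Inappropriate implementation in AppCache (CVE-2020-6499)

- chromium-browser: Inappropriate implementation in interstitials (CVE-2020-6500)

- chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6501)

- chromium-browser: Incorrect security UI in permissions (CVE-2020-6502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium-browser package.

See Also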

https://access.redhat.com/security/cve/CVE-2020-6395

https://access.redhat.com/security/cve/CVE-2020-6396

https://access.redhat.com/security/cve/CVE-2020-6397

https://access.redhat.com/security/cve/CVE-2020-6398

https://access.redhat.com/security/cve/CVE-2020-6399

https://access.redhat.com/security/cve/CVE-2020-6400

https://access.redhat.com/security/cve/CVE-2020-6401

https://access.redhat.com/security/cve/CVE-2020-6402

https://access.redhat.com/security/cve/CVE-2020-6403

https://access.redhat.com/security/cve/CVE-2020-6404

https://access.redhat.com/security/cve/CVE-2020-6405

https://access.redhat.com/security/cve/CVE-2020-6406

https://access.redhat.com/security/cve/CVE-2020-6408

https://access.redhat.com/security/cve/CVE-2020-6409

https://access.redhat.com/security/cve/CVE-2020-6410

https://access.redhat.com/security/cve/CVE-2020-6411

https://access.redhat.com/security/cve/CVE-2020-6412

https://access.redhat.com/security/cve/CVE-2020-6413

https://access.redhat.com/security/cve/CVE-2020-6414

https://access.redhat.com/security/cve/CVE-2020-6415

https://access.redhat.com/security/cve/CVE-2020-6416

https://access.redhat.com/security/cve/CVE-2020-6417

https://access.redhat.com/security/cve/CVE-2020-6499

https://access.redhat.com/security/cve/CVE-2020-6500

https://access.redhat.com/security/cve/CVE-2020-6501

https://access.redhat.com/security/cve/CVE-2020-6502

https://bugzilla.redhat.com/1801186

https://bugzilla.redhat.com/1801187

https://bugzilla.redhat.com/1801188

https://bugzilla.redhat.com/1801189

https://bugzilla.redhat.com/1801190

https://bugzilla.redhat.com/1801191

https://bugzilla.redhat.com/1801192

https://access.redhat.com/security/cve/CVE-2019-18197

https://access.redhat.com/security/cve/CVE-2019-19880

https://access.redhat.com/security/cve/CVE-2019-19923

https://access.redhat.com/security/cve/CVE-2019-19925

https://access.redhat.com/security/cve/CVE-2019-19926

https://access.redhat.com/security/cve/CVE-2020-6381

https://access.redhat.com/security/cve/CVE-2020-6382

https://access.redhat.com/security/cve/CVE-2020-6385

https://access.redhat.com/security/cve/CVE-2020-6387

https://access.redhat.com/security/cve/CVE-2020-6388

https://access.redhat.com/security/cve/CVE-2020-6389

https://access.redhat.com/security/cve/CVE-2020-6390

https://access.redhat.com/security/cve/CVE-2020-6391

https://access.redhat.com/security/cve/CVE-2020-6392

https://access.redhat.com/security/cve/CVE-2020-6393

https://access.redhat.com/security/cve/CVE-2020-6394

https://access.redhat.com/errata/RHSA-2020:0514

https://bugzilla.redhat.com/1770768

https://bugzilla.redhat.com/1787032

https://bugzilla.redhat.com/1788846

https://bugzilla.redhat.com/1788866

https://bugzilla.redhat.com/1789364

https://bugzilla.redhat.com/1801160

https://bugzilla.redhat.com/1801161

https://bugzilla.redhat.com/1801162

https://bugzilla.redhat.com/1801163

https://bugzilla.redhat.com/1801164

https://bugzilla.redhat.com/1801165

https://bugzilla.redhat.com/1801166

https://bugzilla.redhat.com/1801167

https://bugzilla.redhat.com/1801168

https://bugzilla.redhat.com/1801169

https://bugzilla.redhat.com/1801170

https://bugzilla.redhat.com/1801171

https://bugzilla.redhat.com/1801172

https://bugzilla.redhat.com/1801173

https://bugzilla.redhat.com/1801174

https://bugzilla.redhat.com/1801175

https://bugzilla.redhat.com/1801176

https://bugzilla.redhat.com/1801177

https://bugzilla.redhat.com/1801178

https://bugzilla.redhat.com/1801179

https://bugzilla.redhat.com/1801180

https://bugzilla.redhat.com/1801181

https://bugzilla.redhat.com/1801182

https://bugzilla.redhat.com/1801184

https://bugzilla.redhat.com/1801185

https://bugzilla.redhat.com/1801193

https://bugzilla.redhat.com/1844539

https://bugzilla.redhat.com/1844542

https://bugzilla.redhat.com/1844546

https://bugzilla.redhat.com/1844549

Plugin Details

Severity: High

ID: 133749

File Name: redhat-RHSA-2020-0514.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2020/2/18

Updated: 2023/1/23

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-6416

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:rhel_els:6, cpe:/o:redhat:rhel_eus:6.0, p-cpe:/a:redhat:enterprise_linux:chromium-browser

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploited by Malware: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/2/17

Vulnerability Publication Date: 2019/10/18

Reference Information

CVE: CVE-2019-18197, CVE-2019-19880, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6417

CWE: 125, 20, 416, 476

IAVA: 2020-A-0051-S

RHSA: 2020:0514