Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-F6271D7AFA.NASL
HistoryMar 20, 2020 - 12:00 a.m.

Fedora 31 : chromium (2020-f6271d7afa)

2020-03-2000:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA.

List of CVEs fixed (since last update) :

  • CVE-2019-20446

  • CVE-2020-6381

  • CVE-2020-6382

  • CVE-2020-6383

  • CVE-2020-6384

  • CVE-2020-6385

  • CVE-2020-6386

  • CVE-2020-6387

  • CVE-2020-6388

  • CVE-2020-6389

  • CVE-2020-6390

  • CVE-2020-6391

  • CVE-2020-6392

  • CVE-2020-6393

  • CVE-2020-6394

  • CVE-2020-6395

  • CVE-2020-6396

  • CVE-2020-6397

  • CVE-2020-6398

  • CVE-2020-6399

  • CVE-2020-6400

  • CVE-2020-6401

  • CVE-2020-6402

  • CVE-2020-6403

  • CVE-2020-6404

  • CVE-2020-6405

  • CVE-2020-6406

  • CVE-2020-6407

  • CVE-2020-6408

  • CVE-2020-6409

  • CVE-2020-6410

  • CVE-2020-6411

  • CVE-2020-6412

  • CVE-2020-6413

  • CVE-2020-6414

  • CVE-2020-6415

  • CVE-2020-6416

  • CVE-2020-6417

  • CVE-2020-6418

  • CVE-2020-6420

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2020-f6271d7afa.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(134718);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/06");

  script_cve_id("CVE-2019-20446", "CVE-2020-10531", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6383", "CVE-2020-6384", "CVE-2020-6385", "CVE-2020-6386", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6417", "CVE-2020-6418", "CVE-2020-6420");
  script_xref(name:"FEDORA", value:"2020-f6271d7afa");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"CEA-ID", value:"CEA-2020-0023");

  script_name(english:"Fedora 31 : chromium (2020-f6271d7afa)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled
by default except on NVIDIA.

List of CVEs fixed (since last update) :

  - CVE-2019-20446

  - CVE-2020-6381 

  - CVE-2020-6382 

  - CVE-2020-6383 

  - CVE-2020-6384

  - CVE-2020-6385 

  - CVE-2020-6386

  - CVE-2020-6387 

  - CVE-2020-6388

  - CVE-2020-6389

  - CVE-2020-6390 

  - CVE-2020-6391

  - CVE-2020-6392 

  - CVE-2020-6393

  - CVE-2020-6394

  - CVE-2020-6395

  - CVE-2020-6396 

  - CVE-2020-6397 

  - CVE-2020-6398

  - CVE-2020-6399 

  - CVE-2020-6400 

  - CVE-2020-6401 

  - CVE-2020-6402 

  - CVE-2020-6403 

  - CVE-2020-6404 

  - CVE-2020-6405 

  - CVE-2020-6406 

  - CVE-2020-6407

  - CVE-2020-6408 

  - CVE-2020-6409 

  - CVE-2020-6410 

  - CVE-2020-6411 

  - CVE-2020-6412 

  - CVE-2020-6413 

  - CVE-2020-6414 

  - CVE-2020-6415 

  - CVE-2020-6416 

  - CVE-2020-6417

  - CVE-2020-6418

  - CVE-2020-6420

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6271d7afa"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chromium package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6420");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"chromium-80.0.3987.132-1.fc31", allowmaj:TRUE)) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
VendorProductVersionCPE
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium
fedoraprojectfedora31cpe:/o:fedoraproject:fedora:31

References

Related

openvas 15
fedora 2
debian 1
nessus 27
mageia 2
archlinux 2
suse 6
osv 4
redhat 3
chrome 3
kaspersky 5
gentoo 1
googleprojectzero 1
thn 1
threatpost 1
cve 25
ubuntucve 23
oraclelinux 1
freebsd 1
alpinelinux 1
debiancve 23
exploitdb 1
zdt 1
redhatcve 21
prion 21
almalinux 1
rocky 1
packetstorm 1
exploitpack 1
veracode 1
checkpoint_advisories 2
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2020-f6271d7afa)
2020-03-20 00:00:00
Debian: Security Advisory for chromium (DSA-4638-1)
2020-03-18 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop-2020-02)-Linux
2020-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: chromium-80.0.3987.132-1.fc31
2020-03-20 01:51:25
[SECURITY] Fedora 30 Update: chromium-80.0.3987.149-1.fc30
2020-03-27 10:46:23
debian
debian
[SECURITY] [DSA 4638-1] chromium security update
2020-03-11 00:54:05
nessus
nessus
Debian DSA-4638-1 : chromium - security update
2020-03-12 00:00:00
Google Chrome < 80.0.3987.87 Multiple Vulnerabilities
2020-02-04 00:00:00
Google Chrome < 80.0.3987.87 Multiple Vulnerabilities
2020-02-04 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2020-03-06 19:13:58
Updated librsvg packages fix security vulnerability
2020-04-05 20:07:15
archlinux
archlinux
[ASA-202002-3] chromium: multiple issues
2020-02-06 00:00:00
[ASA-202002-11] chromium: multiple issues
2020-02-25 00:00:00
suse
suse
Security update for chromium (important)
2020-02-09 00:00:00
Security update for chromium (important)
2020-02-12 00:00:00
Security update for chromium, re2 (important)
2020-02-19 00:00:00
osv
osv
chromium - security update
2020-03-10 00:00:00
Moderate: librsvg2 security update
2020-11-03 12:29:09
CVE-2019-20446
2020-02-02 14:15:10
redhat
redhat
(RHSA-2020:0514) Important: chromium-browser security update
2020-02-17 08:02:41
(RHSA-2020:0738) Important: chromium-browser security update
2020-03-09 08:03:29
(RHSA-2020:4709) Moderate: librsvg2 security update
2020-11-03 12:29:09
chrome
chrome
Stable Channel Update for Desktop
2020-02-04 00:00:00
Stable Channel Update for Desktop
2020-02-18 00:00:00
Stable Channel Update for Desktop
2020-02-24 00:00:00
kaspersky
kaspersky
KLA11660 Multiple vulnerabilities in Google Chrome
2020-02-04 00:00:00
KLA11721 Multiple vulnerabilities in Opera
2020-02-14 00:00:00
KLA11677 Multiple vulnerabilities in Google Chrome
2020-02-18 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2020-03-13 00:00:00
googleprojectzero
googleprojectzero
Exploiting Android Messengers with WebRTC: Part 1
2020-08-03 00:00:00
thn
thn
Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
2020-02-25 11:47:00
threatpost
threatpost
Google Patches Chrome Browser Zero-Day Bug, Under Attack
2020-02-25 18:34:52
cve
cve
CVE-2020-6390
2020-02-11 15:15:00
CVE-2020-6411
2020-02-11 15:15:00
CVE-2020-6413
2020-02-11 15:15:00
ubuntucve
ubuntucve
CVE-2020-6401
2020-02-11 00:00:00
CVE-2020-6390
2020-02-11 00:00:00
CVE-2020-6398
2020-02-11 00:00:00
oraclelinux
oraclelinux
librsvg2 security update
2020-11-10 00:00:00
freebsd
freebsd
librsvg2 -- multiple vulnerabilities
2020-02-26 00:00:00
alpinelinux
alpinelinux
CVE-2019-20446
2020-02-02 14:15:00
debiancve
debiancve
CVE-2020-6390
2020-02-11 15:15:00
CVE-2020-6404
2020-02-11 15:15:00
CVE-2020-6398
2020-02-11 15:15:00
exploitdb
exploitdb
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
zdt
zdt
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service Exploit
2020-03-23 00:00:00
redhatcve
redhatcve
CVE-2020-6403
2020-02-10 12:15:24
CVE-2020-6404
2020-02-10 12:15:20
CVE-2019-20446
2020-02-03 14:18:18
prion
prion
Design/Logic Flaw
2020-02-11 15:15:00
Design/Logic Flaw
2020-02-27 23:15:00
Design/Logic Flaw
2020-02-11 15:15:00
almalinux
almalinux
Moderate: librsvg2 security update
2020-11-03 12:29:09
rocky
rocky
librsvg2 security update
2020-11-03 12:29:09
packetstorm
packetstorm
Google Chrome 80.0.3987.87 Denial Of Service
2020-03-23 00:00:00
exploitpack
exploitpack
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
2020-03-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:18:39
checkpoint_advisories
checkpoint_advisories
Google Chrome Out of Bounds Read (CVE-2020-6390)
2021-03-30 00:00:00
Google Chrome Speech Use After Free (CVE-2020-6386)
2020-10-19 00:00:00
JSON
Related for FEDORA_2020-F6271D7AFA.NASL
openvas15fedora2debian1nessus27mageia2archlinux2suse6osv4redhat3chrome3kaspersky5gentoo1googleprojectzero1thn1threatpost1cve25ubuntucve23oraclelinux1freebsd1alpinelinux1debiancve23exploitdb1zdt1redhatcve21prion21almalinux1rocky1packetstorm1exploitpack1veracode1checkpoint_advisories2