ID REDHAT-RHSA-2020-4351.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-10-28T00:00:00
Description
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.
freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)
chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)
chromium-browser: Use after free in media (CVE-2020-16001)
chromium-browser: Use after free in PDFium (CVE-2020-16002)
chromium-browser: Use after free in printing (CVE-2020-16003)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:4351. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
# Registration branch: when `description` is set, the script only records the
# plugin metadata below and then stops at exit(0); none of the host checks
# further down run in that case.
if (description)
{
script_id(142008);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/19");
# CVEs attached to this plugin; the same five appear in the description text.
script_cve_id(
"CVE-2020-15999",
"CVE-2020-16000",
"CVE-2020-16001",
"CVE-2020-16002",
"CVE-2020-16003"
);
script_xref(name:"RHSA", value:"2020:4351");
script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:4351)");
# The summary and the closing sentence of the description both say this is a
# package-version check: a finding means an older package build is installed,
# not that any of the listed issues was exercised on the host.
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.
- freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)
- chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)
- chromium-browser: Use after free in media (CVE-2020-16001)
- chromium-browser: Use after free in PDFium (CVE-2020-16002)
- chromium-browser: Use after free in printing (CVE-2020-16003)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
# Reference links: two CWE definitions, one Red Hat CVE page per CVE, the
# erratum itself, and five Red Hat Bugzilla entries.
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/190.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-15999");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-16000");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-16001");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-16002");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-16003");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:4351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1890210");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1890266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1890267");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1890268");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1890269");
script_set_attribute(attribute:"solution", value:
"Update the affected chromium-browser package.");
# CVSS v2 and v3 base/temporal vectors. The v3 base vector carries UI:R, i.e.
# user interaction is part of the scored scenario. cvss_score_source names
# CVE-2020-16003 as the CVE the score is taken from.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-16003");
# Exploit-maturity flags: both exploit_available and exploited_by_malware are
# "true". The plugin does not say which of the five CVEs they refer to, so
# prioritisation should take these flags into account alongside the score.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# NOTE(review): CWE 122 and 190 line up with the FreeType entry (heap-based
# buffer overflow, integer truncation); the three use-after-free entries have
# no CWE id registered here.
script_cwe_id(122, 190);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/20");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/28");
# plugin_type "local": the check works from data gathered on the host (see the
# required KB keys below), not from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Declares ssh_get_info.nasl as a dependency and lists the KB keys the check
# reads: local-checks flag, Red Hat release string, rpm list and CPU type.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
# Host preconditions. Each audit() call below is expected to end the run for
# this host with the given reason (audit() comes from audit.inc, not shown).

# 1. Local checks must be flagged as enabled in the KB.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 2. The recorded release string must mention Red Hat.
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release)
{
  audit(AUDIT_OS_NOT, 'Red Hat');
}

# 3. Extract "major[.minor]" from the release string and require major version 6.
#    The trailing ([^0-9]|$) keeps values such as "60" from matching.
release_match = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(release_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
}
os_ver = release_match[1];
if (!preg(pattern:"^6([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
}

# 4. Without an rpm list there is nothing to compare package versions against.
if (!get_kb_item('Host/RedHat/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# 5. Architecture gate. s390 and aarch64 hosts pass this gate even though the
#    package table later in this script lists only i686 and x86_64 builds.
cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
arch_supported = ('x86_64' >< cpu) || (cpu =~ "^i[3-6]86$") || ('s390' >< cpu) || ('aarch64' >< cpu);
if (!arch_supported)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
}
# Maps a repository family key ('rhel_extras_6') to the repository labels that
# count as that family. The script looks each label up under
# 'Host/RedHat/repo-list/' to decide whether the host has the family enabled.
# All labels listed are "supplementary" channels (binary, debuginfo and source
# variants for desktop, HPC node, server, server AUS/EUS and workstation).
# NOTE(review): matching is by exact label, so a host that gets the package
# from a repository with a different label would not match — confirm how
# renamed or mirrored repositories are recorded in the KB.
repositories = {
'rhel_extras_6': [
'rhel-6-desktop-supplementary-debuginfo',
'rhel-6-desktop-supplementary-rpms',
'rhel-6-desktop-supplementary-source-rpms',
'rhel-6-for-hpc-node-supplementary-debuginfo',
'rhel-6-for-hpc-node-supplementary-rpms',
'rhel-6-for-hpc-node-supplementary-source-rpms',
'rhel-6-server-aus-supplementary-debuginfo',
'rhel-6-server-aus-supplementary-rpms',
'rhel-6-server-aus-supplementary-source-rpms',
'rhel-6-server-eus-supplementary-debuginfo',
'rhel-6-server-eus-supplementary-rpms',
'rhel-6-server-eus-supplementary-source-rpms',
'rhel-6-server-supplementary-debuginfo',
'rhel-6-server-supplementary-rpms',
'rhel-6-server-supplementary-source-rpms',
'rhel-6-workstation-supplementary-debuginfo',
'rhel-6-workstation-supplementary-rpms',
'rhel-6-workstation-supplementary-source-rpms',
'rhel-hpc-node-6-eus-supplementary-debug-rpms',
'rhel-hpc-node-6-eus-supplementary-rpms',
'rhel-hpc-node-6-eus-supplementary-source-rpms'
]
};
# Work out which repository families from `repositories` are present on the host.
#
# - No repository data in the KB at all: found_repos stays NULL and the package
#   loop later treats every package entry as in scope.
# - Repository data present but none of the listed labels found: the host is
#   audited out as not affected by RHSA-2020:4351 before any package is checked.
#   A package installed by other means on such a host is therefore not reported
#   by this plugin.
host_repo_list = get_kb_list('Host/RedHat/repo-list/*');
found_repos = NULL;

if (!empty_or_null(host_repo_list))
{
  found_repos = make_list();

  foreach family (keys(repositories))
  {
    foreach label (repositories[family])
    {
      kb_key = 'Host/RedHat/repo-list/' + label;
      if (get_kb_item(kb_key))
      {
        # One matching label is enough to record the family; stop scanning it.
        append_element(var:found_repos, value:family);
        break;
      }
    }
  }

  if (empty_or_null(found_repos))
  {
    audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4351');
  }
}
# Package table: one entry per architecture (i686, x86_64), both naming
# chromium-browser-86.0.4240.111-1.el6_10 and tied to the 'rhel_extras_6'
# repository family through 'repo_list'. Each entry's fields are handed to
# rpm_check() in the loop that follows.
# NOTE(review): 'reference' is presumably the fixed build from the advisory, so
# installed builds older than it are flagged — confirm against rpm.inc, which
# also defines what 'rpm_spec_vers_cmp' and 'allowmaj' change in the comparison.
pkgs = [
{'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_extras_6']},
{'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_extras_6']}
];
# Count how many package entries rpm_check() reports as matching; `flag` ends
# up non-zero when at least one entry is flagged.
flag = 0;

foreach entry (pkgs)
{
  # Start every iteration from a clean slate so that a field missing from one
  # entry cannot inherit the value of the previous entry.
  repo_list = NULL;
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  allowmaj = NULL;

  # Copy over only the fields the entry actually sets.
  if (!empty_or_null(entry['repo_list'])) repo_list = entry['repo_list'];
  if (!empty_or_null(entry['reference'])) reference = entry['reference'];
  # The release number is prefixed so that '6' becomes 'RHEL6'.
  if (!empty_or_null(entry['release'])) release = 'RHEL' + entry['release'];
  if (!empty_or_null(entry['sp'])) sp = entry['sp'];
  if (!empty_or_null(entry['cpu'])) cpu = entry['cpu'];
  if (!empty_or_null(entry['el_string'])) el_string = entry['el_string'];
  if (!empty_or_null(entry['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = entry['rpm_spec_vers_cmp'];
  if (!empty_or_null(entry['epoch'])) epoch = entry['epoch'];
  if (!empty_or_null(entry['allowmaj'])) allowmaj = entry['allowmaj'];

  # An entry without both a reference and a release is not checked at all.
  if (reference && release)
  {
    # With no repository information from the host, every entry is in scope.
    # Otherwise the entry is in scope only if one of its repository families
    # was found on the host; an entry with no repo_list is then left out.
    repocheck = TRUE;
    if (!empty_or_null(found_repos))
    {
      repocheck = FALSE;
      foreach family (repo_list)
      {
        if (contains_element(var:found_repos, value:family))
        {
          repocheck = TRUE;
          break;
        }
      }
    }

    if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj))
    {
      flag++;
    }
  }
}
# Final verdict.
#
# Nothing flagged: audit out, naming the packages that were tested if there
# were any, otherwise stating that chromium-browser is not installed.
#
# Something flagged: report on port 0 at SECURITY_WARNING severity. The report
# text is the rpm comparison output plus a caveat chosen by whether the host
# supplied repository data (the caveat helpers are defined in an include that
# is not shown here). The result rests on the installed package version only.
if (!flag)
{
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');
  }
}
else
{
  rpm_report = rpm_report_get();
  if (empty_or_null(host_repo_list))
  {
    # No repository data: the repository gate could not be applied.
    extra = rpm_report + redhat_report_repo_caveat();
  }
  else
  {
    extra = rpm_report + redhat_report_package_caveat();
  }

  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : extra
  );
  exit(0);
}
{"id": "REDHAT-RHSA-2020-4351.NASL", "bulletinFamily": "scanner", "title": "RHEL 6 : chromium-browser (RHSA-2020:4351)", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2020-10-28T00:00:00", "modified": "2020-10-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/142008", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1890266", "https://bugzilla.redhat.com/1890268", "https://bugzilla.redhat.com/1890210", "https://access.redhat.com/security/cve/CVE-2020-16001", "https://access.redhat.com/security/cve/CVE-2020-16003", "https://access.redhat.com/errata/RHSA-2020:4351", "https://access.redhat.com/security/cve/CVE-2020-16000", "https://cwe.mitre.org/data/definitions/190.html", "https://cwe.mitre.org/data/definitions/122.html", "https://access.redhat.com/security/cve/CVE-2020-16002", "https://bugzilla.redhat.com/1890267", "https://bugzilla.redhat.com/1890269", "https://access.redhat.com/security/cve/CVE-2020-15999"], "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "type": "nessus", "lastseen": "2020-11-21T06:05:40", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2020:1829-1", "OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1737-1", "OPENSUSE-SU-2020:1731-1", "OPENSUSE-SU-2020:1744-1", "OPENSUSE-SU-2020:1734-1"]}, {"type": "nessus", "idList": ["MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "SUSE_SU-2020-2998-1.NASL", "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "REDHAT-RHSA-2020-4949.NASL", "OPENSUSE-2020-1952.NASL", "OPENSUSE-2020-1737.NASL", "GOOGLE_CHROME_86_0_4240_111.NASL", "REDHAT-RHSA-2020-4951.NASL", "OPENSUSE-2020-1718.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL"]}, {"type": "kaspersky", "idList": ["KLA11986"]}, {"type": "redhat", "idList": ["RHSA-2020:5194", "RHSA-2020:4951", "RHSA-2020:4351", "RHSA-2020:4949", "RHSA-2020:4907", "RHSA-2020:4952", "RHSA-2020:4950"]}, {"type": "freebsd", "idList": ["458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "F4722927-1375-11EB-8711-3065EC8FD3EC"]}, {"type": "cve", "idList": ["CVE-2020-16003", "CVE-2020-16000", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-15999"]}, {"type": "threatpost", "idList": ["THREATPOST:D48D061BB27415A9A171838BA457EB0E", 
"THREATPOST:B94C72282597270B568FB72191A99385", "THREATPOST:DF87733B74489628AB9F2C89704380A9", "THREATPOST:6F7E512F15913694CF17A906715FE678"]}, {"type": "attackerkb", "idList": ["AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667"]}, {"type": "gentoo", "idList": ["GLSA-202010-07", "GLSA-202011-12"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4777-1:E3B2F", "DEBIAN:DLA-2415-1:46C29"]}, {"type": "archlinux", "idList": ["ASA-202010-10", "ASA-202010-11"]}, {"type": "ubuntu", "idList": ["USN-4593-2", "USN-4593-1"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "MALWAREBYTES:79956B6DF02C5841171B3AEE17565978"]}, {"type": "fedora", "idList": ["FEDORA:9A29D35BA6A6", "FEDORA:6F705313E07A", "FEDORA:53B8A30C6A0B", "FEDORA:EEAC030B0FC3", "FEDORA:B7E3531099A9", "FEDORA:8B8553055E91"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807"]}, {"type": "amazon", "idList": ["ALAS2-2020-1565"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4952", "ELSA-2020-4907"]}, {"type": "slackware", "idList": ["SSA-2020-294-01"]}, {"type": "thn", "idList": ["THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "THN:DAE548E4C591A2718BC3A3D2C9440FB1", "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "THN:1CAE17F613AA7CBF6F4E99804811C608", "THN:7AD5261E90CC5E52D9933B8F13139A3E"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0"]}, {"type": "centos", "idList": ["CESA-2020:4907"]}, {"type": "github", "idList": ["GHSA-PV36-H7JH-QM62"]}, {"type": "krebs", "idList": ["KREBS:613A537780BD40A6F8E0047CE8D3E6EC"]}], "modified": "2020-11-21T06:05:40", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2020-11-21T06:05:40", "rev": 2}, "vulnersScore": 5.6}, "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4351. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142008);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4351\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2020:4351)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16001\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890269\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:redhat:rhel_extras:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4351');\n}\n\npkgs = [\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 
'allowmaj':TRUE, 'repo_list':['rhel_extras_6']},\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['rhel_extras_6']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "142008", "cpe": ["cpe:/a:redhat:rhel_extras:6", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null}
{"nessus": [{"lastseen": "2020-11-21T05:01:02", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-26T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2020-1718)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-26T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2020-1718.NASL", "href": "https://www.tenable.com/plugins/nessus/141888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1718.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141888);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1718)\");\n script_summary(english:\"Check for the openSUSE-2020-1718 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n 
value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T05:01:02", "description": 
"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-27T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2020-1737)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2020-1737.NASL", "href": "https://www.tenable.com/plugins/nessus/141929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1737.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141929);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1737)\");\n script_summary(english:\"Check for the openSUSE-2020-1737 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n 
- Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T04:03:22", "description": "The version of Google Chrome installed on the remote macOS host is 
prior to 86.0.4240.111. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141574", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141574);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. 
Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T02:59:34", "description": "Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in\nBlink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by\nKhalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by\nWeipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-22T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/141790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141790);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in\nBlink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by\nKhalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. 
Reported by\nWeipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04\"\n );\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?908ce031\"\n );\n # https://vuxml.freebsd.org/freebsd/f4722927-1375-11eb-8711-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1813a7fb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<86.0.4240.111\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T03:34:19", "description": "The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. 
Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141573", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141573);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. 
Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T04:10:38", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "title": "Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "modified": "2020-10-22T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "href": "https://www.tenable.com/plugins/nessus/141815", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141815);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 86.0.622.51 Multiple 
Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 86.0.622.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '86.0.622.51' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-25T04:59:52", "description": "This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to\n 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is\n displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following\n issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,\n CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,\n CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to\n proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add\n Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following\n issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,\n CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at\n opera::TabCyclerView::HighlightContents\n (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called\n when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 
Pages are rendered in dark mode when force\n dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is\n hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to\n design\n\n - DNA-89305 Crash after closing Downloads pop-up", "edition": 3, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-2020-1952)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16000", "CVE-2020-16011", "CVE-2020-16007", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16005", "CVE-2020-16004", "CVE-2020-16008", "CVE-2020-16003", "CVE-2020-16006"], "modified": "2020-11-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/143001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1952.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143001);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/24\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\", \"CVE-2020-16004\", \"CVE-2020-16005\", \"CVE-2020-16006\", \"CVE-2020-16007\", \"CVE-2020-16008\", \"CVE-2020-16009\", \"CVE-2020-16011\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-1952)\");\n script_summary(english:\"Check for the openSUSE-2020-1952 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n 
value:\n\"This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to\n 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is\n displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following\n issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,\n CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,\n CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to\n proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add\n Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following\n issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,\n CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at\n opera::TabCyclerView::HighlightContents\n (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called\n when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 Pages are rendered in dark mode when force\n dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is\n hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to\n design\n\n - DNA-89305 Crash after closing Downloads pop-up\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-72/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-72.0.3815.320-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-72.0.3815.320-lp152.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T02:49:02", "description": "The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG\nbitmaps, introduced in FreeType version 2.6.", "edition": 5, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "title": "FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15999"], 
"modified": "2020-10-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freetype2"], "id": "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "href": "https://www.tenable.com/plugins/nessus/141844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141844);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-15999\");\n\n script_name(english:\"FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG\nbitmaps, introduced in FreeType version 2.6.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/\"\n );\n # https://vuxml.freebsd.org/freebsd/458df97f-1440-11eb-aaec-e0d55e2a8bf9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea85915\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.10.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:07:07", "description": "According to the version of the freetype package installed, the\nEulerOS 
installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-01T00:00:00", "title": "EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15999"], "modified": "2020-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2483.NASL", "href": "https://www.tenable.com/plugins/nessus/143413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143413);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n 
page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc07def5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-21T02:39:26", "description": "Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from 
the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 3, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-09T00:00:00", "title": "Fedora 31 : freetype (2020-6b35849edd)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15999"], "modified": "2020-11-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-6B35849EDD.NASL", "href": "https://www.tenable.com/plugins/nessus/142621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6b35849edd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142621);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-6b35849edd\");\n\n script_name(english:\"Fedora 31 : freetype (2020-6b35849edd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"freetype-2.10.0-4.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2020-12-03T07:08:36", "bulletinFamily": "info", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "description": "### *Detect date*:\n10/20/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. 
Malicious users can exploit these vulnerabilities to bypass security restrictions and cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 86.0.4240.111\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2020-16001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001>) 0.0 Unknown \n[CVE-2020-15999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>) 0.0 Unknown \n[CVE-2020-16002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002>) 0.0 Unknown \n[CVE-2020-16003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003>) 0.0 Unknown \n[CVE-2020-16000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000>) 0.0 Unknown", "edition": 3, "modified": "2020-11-25T00:00:00", "published": "2020-10-20T00:00:00", "id": "KLA11986", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11986", "title": "KLA11986 Multiple vulnerabilities in Google Chrome", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-11-04T22:18:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 86.0.4240.111.\n\nSecurity Fix(es):\n\n* chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n* 
chromium-browser: Use after free in media (CVE-2020-16001)\n\n* chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n* chromium-browser: Use after free in printing (CVE-2020-16003)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-27T00:01:11", "published": "2020-10-26T23:49:04", "id": "RHSA-2020:4351", "href": "https://access.redhat.com/errata/RHSA-2020:4351", "type": "redhat", "title": "(RHSA-2020:4351) Important: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-05T10:16:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-11-05T13:36:26", "published": "2020-11-05T13:26:43", "id": "RHSA-2020:4952", "href": "https://access.redhat.com/errata/RHSA-2020:4952", "type": "redhat", "title": "(RHSA-2020:4952) Important: freetype security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-05T10:18:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. 
FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-11-05T13:36:23", "published": "2020-11-05T13:24:47", "id": "RHSA-2020:4950", "href": "https://access.redhat.com/errata/RHSA-2020:4950", "type": "redhat", "title": "(RHSA-2020:4950) Important: freetype security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-05T10:16:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-11-05T13:41:10", "published": "2020-11-05T13:24:50", "id": "RHSA-2020:4951", "href": "https://access.redhat.com/errata/RHSA-2020:4951", "type": "redhat", "title": "(RHSA-2020:4951) Important: freetype security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-05T10:16:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. 
FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-11-05T13:32:51", "published": "2020-11-05T13:24:45", "id": "RHSA-2020:4949", "href": "https://access.redhat.com/errata/RHSA-2020:4949", "type": "redhat", "title": "(RHSA-2020:4949) Important: freetype security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-04T22:18:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-11-04T15:08:12", "published": "2020-11-04T14:39:15", "id": "RHSA-2020:4907", "href": "https://access.redhat.com/errata/RHSA-2020:4907", "type": "redhat", "title": "(RHSA-2020:4907) Important: freetype security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-01T11:32:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999", "CVE-2020-8559"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: compromised node could escalate to cluster level privileges (CVE-2020-8559)\n\nFor more details about 
the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.5.21. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2020:5193\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, the Image Registry Operator did not generate the `httpSecret` when it was empty. This caused the `httpSecret` to not be set correctly. Now, the Operator generates the `httpSecret` and uses it for all replicas when the configuration file is created. (BZ#1895856)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.5.21-x86_64\n\nThe image digest is sha256:7684a3daa92827b313a682b3615f2a348a941f8557b5b509b736226f40e01e07\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.5.21-s390x\n\nThe image digest is sha256:6e73d6be6b76ac33c715b58bdcc4691469d2813282c0b34cf6918836a4b9f678\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.5.21-ppc64le\n\nThe image digest is sha256:168d64a254b218ece47554ff2fc175714d9fcbe8b45136c6d4587fef317bc962\n\nAll OpenShift Container Platform 4.5 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.", "modified": "2020-12-01T15:41:25", "published": "2020-12-01T15:35:31", "id": "RHSA-2020:5194", "href": "https://access.redhat.com/errata/RHSA-2020:5194", "type": "redhat", "title": "(RHSA-2020:5194) Moderate: OpenShift Container Platform 4.5.21 bug fix and security update", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2020-11-05T01:17:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "description": "\nChrome Releases reports:\n\nThis release includes 5 security fixes:\n\n[1125337] High CVE-2020-16000: Inappropriate implementation in\n\t Blink. Reported by amaebi_jp on 2020-09-06\n[1135018] High CVE-2020-16001: Use after free in media.\n\t Reported by Khalil Zhani on 2020-10-05\n[1137630] High CVE-2020-16002: Use after free in PDFium.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n\t at Qi'anxin Group on 2020-10-13\n[1139963] High CVE-2020-15999: Heap buffer overflow in\n\t Freetype. 
Reported by Sergei Glazunov of Google Project Zero on\n\t 2020-10-19\n[1134960] Medium CVE-2020-16003: Use after free in printing.\n\t Reported by Khalil Zhani on 2020-10-04\n\n\n", "edition": 2, "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "F4722927-1375-11EB-8711-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/f4722927-1375-11eb-8711-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-05T01:17:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "\nThe freetype project reports:\n\nA heap buffer overflow has been found in the handling of embedded\n\t PNG bitmaps, introduced in FreeType version 2.6.\n\t \n\n", "edition": 2, "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "href": "https://vuxml.freebsd.org/freebsd/458df97f-1440-11eb-aaec-e0d55e2a8bf9.html", "title": "freetype2 -- heap buffer overlfow", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2020-10-26T03:03:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "description": "This update for chromium fixes the following issues:\n\n - Update to 86.0.4240.111 boo#1177936\n - CVE-2020-16000: Inappropriate implementation in Blink.\n - CVE-2020-16001: Use after free in media.\n - CVE-2020-16002: Use after free in PDFium.\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n - CVE-2020-16003: Use after free in printing.\n\n", "edition": 1, "modified": "2020-10-26T00:15:39", "published": "2020-10-26T00:15:39", "id": "OPENSUSE-SU-2020:1737-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00059.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2020-10-25T21:02:05", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "description": "This update for chromium fixes the following issues:\n\n - Update to 86.0.4240.111 boo#1177936\n - CVE-2020-16000: Inappropriate implementation in Blink.\n - CVE-2020-16001: Use after free in media.\n - CVE-2020-16002: Use after free in PDFium.\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n - CVE-2020-16003: Use after free in printing.\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n", "edition": 1, "modified": "2020-10-25T18:15:26", "published": "2020-10-25T18:15:26", "id": "OPENSUSE-SU-2020:1731-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00055.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-24T09:01:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16000", "CVE-2020-15999", "CVE-2020-16002", "CVE-2020-16001", "CVE-2020-16003"], "description": "This update for chromium fixes the following issues:\n\n - Update to 86.0.4240.111 boo#1177936\n - CVE-2020-16000: Inappropriate implementation in Blink.\n - CVE-2020-16001: Use after free in media.\n - CVE-2020-16002: Use after free in PDFium.\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n - CVE-2020-16003: Use after free in printing.\n\n", "edition": 1, "modified": "2020-10-24T06:13:30", "published": "2020-10-24T06:13:30", "id": "OPENSUSE-SU-2020:1718-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00051.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-25T21:02:05", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "This update for freetype2 fixes the following issues:\n\n - CVE-2020-15999: fixed a heap 
buffer overflow found in the handling of\n embedded PNG bitmaps (bsc#1177914).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-10-25T18:16:17", "published": "2020-10-25T18:16:17", "id": "OPENSUSE-SU-2020:1734-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00056.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-26T19:03:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "This update for freetype2 fixes the following issues:\n\n - CVE-2020-15999: fixed a heap buffer overflow found in the handling of\n embedded PNG bitmaps (bsc#1177914).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-10-26T15:18:44", "published": "2020-10-26T15:18:44", "id": "OPENSUSE-SU-2020:1744-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00061.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-05T17:20:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16000", "CVE-2020-16011", "CVE-2020-15979", "CVE-2020-15969", "CVE-2020-16007", "CVE-2020-15984", "CVE-2020-15974", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-15982", "CVE-2020-15968", "CVE-2020-16002", "CVE-2020-15975", "CVE-2020-15985", "CVE-2020-15976", "CVE-2020-16001", "CVE-2020-15989", "CVE-2020-15983", "CVE-2020-15972", "CVE-2020-16005", "CVE-2020-16004", "CVE-2020-16008", "CVE-2020-15986", "CVE-2020-15973", "CVE-2020-15987", "CVE-2020-15971", "CVE-2020-15991", "CVE-2020-16003", "CVE-2020-16006", "CVE-2020-15970", "CVE-2020-15977", "CVE-2020-6557", "CVE-2020-15990", "CVE-2020-15978", "CVE-2020-15981", "CVE-2020-15980", "CVE-2020-15988", "CVE-2020-15967", "CVE-2020-15992"], "description": "This update for chromium, gn fixes the following 
issues:\n\n chromium was updated to 86.0.4240.183 boo#1178375\n\n - CVE-2020-16004: Use after free in user interface.\n - CVE-2020-16005: Insufficient policy enforcement in ANGLE.\n - CVE-2020-16006: Inappropriate implementation in V8\n - CVE-2020-16007: Insufficient data validation in installer.\n - CVE-2020-16008: Stack buffer overflow in WebRTC.\n - CVE-2020-16009: Inappropriate implementation in V8.\n - CVE-2020-16011: Heap buffer overflow in UI on Windows.\n\n Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n - CVE-2020-16001: Use after free in media.\n - CVE-2020-16002: Use after free in PDFium.\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n - CVE-2020-16003: Use after free in printing.\n\n - chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and\n 15.2\n\n - Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone\n else than me)\n\n - Fix cookiemonster:\n\n Update to 86.0.4240.75 boo#1177408:\n\n * CVE-2020-15967: Use after free in payments.\n * CVE-2020-15968: Use after free in Blink.\n * CVE-2020-15969: Use after free in WebRTC.\n * CVE-2020-15970: Use after free in NFC.\n * CVE-2020-15971: Use after free in printing.\n * CVE-2020-15972: Use after free in audio.\n * CVE-2020-15990: Use after free in autofill.\n * CVE-2020-15991: Use after free in password manager.\n * CVE-2020-15973: Insufficient policy enforcement in extensions.\n * CVE-2020-15974: Integer overflow in Blink.\n * CVE-2020-15975: Integer overflow in SwiftShader.\n * CVE-2020-15976: Use after free in WebXR.\n * CVE-2020-6557: Inappropriate implementation in networking.\n * CVE-2020-15977: Insufficient data validation in dialogs.\n * CVE-2020-15978: Insufficient data validation in navigation.\n * CVE-2020-15979: Inappropriate implementation in V8.\n * CVE-2020-15980: Insufficient policy enforcement in Intents.\n * CVE-2020-15981: Out of bounds read in audio.\n * CVE-2020-15982: Side-channel information 
leakage in cache.\n * CVE-2020-15983: Insufficient data validation in webUI.\n * CVE-2020-15984: Insufficient policy enforcement in Omnibox.\n * CVE-2020-15985: Inappropriate implementation in Blink.\n * CVE-2020-15986: Integer overflow in media.\n * CVE-2020-15987: Use after free in WebRTC.\n * CVE-2020-15992: Insufficient policy enforcement in networking.\n * CVE-2020-15988: Insufficient policy enforcement in downloads.\n * CVE-2020-15989: Uninitialized Use in PDFium.\n\n - Update to 0.1807:\n\n * no upstream changelog\n\n", "edition": 1, "modified": "2020-11-05T15:15:03", "published": "2020-11-05T15:15:03", "id": "OPENSUSE-SU-2020:1829-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html", "title": "Security update for chromium, gn (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T07:37:00", "description": "Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 9, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "title": "CVE-2020-16000", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16000"], "modified": "2021-01-02T16:15:00", "cpe": [], "id": "CVE-2020-16000", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16000", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-25T14:50:51", "description": "Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "title": "CVE-2020-16001", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16001"], "modified": "2021-02-24T20:55:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-16001", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16001", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-03-06T16:33:11", "description": "Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "title": "CVE-2020-16003", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16003"], "modified": "2021-03-05T13:45:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-16003", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16003", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-25T14:50:51", "description": "Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "edition": 12, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "title": "CVE-2020-16002", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16002"], "modified": "2021-02-24T21:30:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-16002", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16002", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-12T14:50:37", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 14, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-03T03:15:00", "title": "CVE-2020-15999", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-02-11T19:50:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-15999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2020-10-21T12:26:16", "bulletinFamily": "info", "cvelist": ["CVE-2019-13720", "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-6418"], "description": "Google released an [update](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) to its Chrome browser that patches a zero-day vulnerability in the software\u2019s FreeType font rendering library that was actively being exploited in the wild.\n\nSecurity researcher Sergei Glazunov of [Google Project Zero](<https://googleprojectzero.blogspot.com/>) discovered [the bug](<https://twitter.com/benhawkes/status/1318640422571266048>) which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities.\n\nBy Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux\u2013among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk. \n[](<https://threatpost.com/newsletter-sign/>) \n\u201cGoogle is aware of reports that an exploit for CVE-2020-15999 exists in the wild,\u201d Prudhvikumar Bommana of the Google Chrome team wrote in a [blog post](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) announcing the update Tuesday. Google did not reveal further details of the active attacks that researchers observed.\n\n[Andrew R. 
Whalley](<https://twitter.com/arw>), a member of the Chrome security team, gave his team kudos on [Twitter](<https://twitter.com/arw/status/1318640817762807810>) for the \u201csuper-fast\u201d response to the zero-day.\n\nStill, Ben Hawkes, technical lead for the Project Zero team, warned that while Google researchers only observed the Chrome exploit, it\u2019s possible that other implementations of FreeType might be vulnerable as well since Google was so quick in its response to the bug. He referred users to a [fix](<https://savannah.nongnu.org/bugs/?59308>) by Glazunov posted on the FreeType Project page and urged them to update other potentially vulnerable software.\n\n\u201cThe fix is also in today\u2019s stable release of FreeType 2.10.4,\u201d Hawkes [tweeted](<https://twitter.com/benhawkes/status/1318640423485624320>).\n\nMeanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw.\n\n\u201cMake sure you update your Chrome today! (restart it!),\u201d [tweeted](<https://twitter.com/securestep9/status/1318679358840754176>) London-based application security consultant Sam Stepanyan.\n\nIn addition to the FreeType zero day, Google patched four other bugs\u2014three of high risk and one of medium risk\u2013in the Chrome update released this week.\n\nThe high-risk vulnerabilities are: CVE-2020-16000, described as \u201cinappropriate implementation in Blink;\u201d CVE-2020-16001, described as \u201cuse after free in media;\u201d and CVE-2020-16002, described as \u201cuse after free in PDFium,\u201d according to the blog post. The medium-risk bug is being tracked as CVE-2020-16003, described as \u201cuse after free in printing,\u201d Bommana wrote.\n\nSo far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser. 
Prior to this week\u2019s FreeType disclosure, the first was a critical remote code execution vulnerability [patched last Halloween night](<https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/>) and tracked as CVE-2019-13720, and the second was a type of memory confusion bug tracked as CVE-2020-6418 that was [fixed in February](<https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/>).\n", "modified": "2020-10-21T12:23:29", "published": "2020-10-21T12:23:29", "id": "THREATPOST:6F7E512F15913694CF17A906715FE678", "href": "https://threatpost.com/google-patches-zero-day-browser/160393/", "type": "threatpost", "title": "Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-26T22:41:55", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999"], "description": "As the death of the once dominant Internet Explorer (IE) draws closer, Microsoft is quickly pounding more nails into the browser\u2019s coffin.\n\nOn Monday, Microsoft hastened its IE-to-Edge browser-transition strategy and announced new controls for users and IT staff when it comes to how the lame-duck browser will handle a growing list of websites incompatible with IE. Those include YouTube, Twitter, Yahoo Mail and 1,153 other leading internet destinations.\n\n[Microsoft also announced](<https://docs.microsoft.com/en-us/deployedge/edge-learnmore-neededge>) that in two short weeks, its own services would no longer be supported by the 25-year-old browser that once crushed Netscape and other competitors. In 2004 IE enjoyed [95 percent market share](<https://www.visualcapitalist.com/internet-browser-market-share/>). 
Today, an estimated [5 percent](<https://netmarketshare.com/browser-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222020-01%22%2C%22dateEnd%22%3A%222020-09%22%2C%22plotKeys%22%3A%5B%7B%22browser%22%3A%22Internet%20Explorer%22%7D%5D%2C%22segments%22%3A%22-1000%22%7D>) of users rely on it. \n[](<https://threatpost.com/newsletter-sign/>)\n\nAs a point of reference, the Microsoft Edge web browser comes built into Windows 10. In 2015 Microsoft said it would replace IE with Edge in an effort to support modern browser functions, such as extensions. In 2018, [it announced further efforts ](<https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/>)to streamline its development \u2014 Edge would be rebuilt on the Chromium rendering engine, which is the same code that Google\u2019s Chrome browser uses.\n\n## **[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/26172212/IE-to-Edge.png>)IE: The Long Goodbye **\n\nPart of IE\u2019s shuttering entails redirecting users to Microsoft Edge 87, to be released November 17. However, BleepingComputer reported that the redirects have already begun.\n\nLast Monday, Microsoft explained that users of IE who visited an incompatible website would be presented with an interstitial webpage alerting them they were being redirected to Microsoft Edge. An opt-in prompt asks consent to copy a user\u2019s browsing data and preferences from Internet Explorer to Microsoft Edge. 
In addition to that, a website incompatibility banner will appear below the address bar for every redirection, Microsoft said.\n\nOn Monday, Microsoft released instructions on how IT staff can change the behavior of Internet Explorer when it lands on an incompatible site.\n\n * One option is configuring IE to not redirect to Edge \u201cRedirectSitesFromInternetExplorerPreventBHOInstall\u201d.\n * A second option \u201cRedirectSitesFromInternetExplorerRedirectMode\u201d allows IE to open sites in Edge \u2013 and browser data and user preferences are automatically imported.\n * The third option doesn\u2019t import browser data and user preferences, but hides any incompatibility warning message and redirects IE to Edge.\n\n\u201cRedirection from Internet Explorer to Microsoft Edge requires an Internet Explorer Browser Helper Object (BHO) named \u2018IEtoEdge BHO,'\u201d Microsoft explained.\n\n\u201cThese policies will be available as ADMX file updates by October 26, 2020 and will be available in Intune by November 9, 2020,\u201d wrote Microsoft. ADMX files are Windows registry-based policy settings that are XML-based and define policy settings and browser behaviors.\n\n## **Security and Privacy Concerns? **\n\nFor many, there will be few tears when IE is finally put out to pasture. The browser, which was the centerpiece to a 2001 antitrust [lawsuit between United States and Microsoft](<https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.>), has a spotty history when it comes to security, privacy and compatibility.\n\nThere are more than a few reasons there will be no love lost with the expiration of IE. Since 2000, there have been over 1,000 serious vulnerabilities tied to it. 
The majority (28 percent) are tied to code-execution bugs, 25 percent related to IE memory-corruption flaws and 20 percent buffer-overflow vulnerabilities, according [to CVE Details](<https://www.cvedetails.com/product/9900/Microsoft-Internet-Explorer.html?vendor_id=26>).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/26172754/Internet-Explorer.jpg>)For an exhaustive look at the history of major IE bugs, [Paul Szabo has an impressive collection](<http://www.maths.usyd.edu.au/u/psz/pc/iexplore.html>).\n\nThe browser, often standardized within corporations, was the bane of many security teams because of Microsoft\u2019s chronic foot dragging when it came to patching. In 2014, the U.S. Department of Homeland Security advised companies and Windows XP users to ditch IE until Microsoft fixed a use-after-free bug that allowed [unauthorized remote code execution](<https://us-cert.cisa.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being>).\n\nPrivacy concerns have also been paramount for users of IE, with many feeling that Microsoft\u2019s access to browsing data coupled with services and application data was unsettling. 
Those Microsoft anxieties have been muted over time as massive data collected by Google, Facebook and Amazon have normalized the behavior.\n\nThings have come full circle, with some arguing that switching to Microsoft\u2019s Edge Chromium browser is a way to avoid Google\u2019s data collection, while still being able to reap the benefits of the same browser engine.\n\n\u201cMicrosoft Edge gives more privacy than Chrome, Google Chrome uses its user\u2019s data to give a personalized advertisement for its revenue which would also make,\u201d wrote a Microsoft contributor to [its Tech Community](<https://techcommunity.microsoft.com/t5/discussions/why-should-we-move-from-google-chrome-to-microsoft-edge/m-p/1352717>).\n\nThat\u2019s not to say Microsoft Edge doesn\u2019t have security concerns.\n\nOn Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a Microsoft Edge memory-corruption flaw (CVE-2020-15999) rated high-risk. However, unlike with IE, this bug was tied to Google Chromium code and was patched last week. [At the time](<https://threatpost.com/google-patches-zero-day-browser/160393/>), Google warned that adversaries were exploiting the bug in the wild.\n\n## **Final Farewell **\n\n\u201cInternet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed,\u201d [wrote Microsoft](<https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge>). Mainstream support for Windows 10 ends Oct. 13, 2020. Extended support, according to Microsoft, ends on Oct. 
14, 2025.\n", "modified": "2020-10-26T22:26:57", "published": "2020-10-26T22:26:57", "id": "THREATPOST:B94C72282597270B568FB72191A99385", "href": "https://threatpost.com/ie-browser-death-march/160571/", "type": "threatpost", "title": "Microsoft IE Browser Death March Hastens", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-11T23:31:55", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17078", "CVE-2020-17087"], "description": "Microsoft\u2019s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft\u2019s 17 critical patches were tied to RCE bugs. In all, [112 vulnerabilities were patched by Microsoft](<https://msrc.microsoft.com/update-guide/>), with 93 rated important, and two rated low in severity.\n\nTracked as [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was [disclosed by Google Project Zero](<https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/>), which reported the flaw was being exploited in the wild alongside a Google Chrome flaw (CVE-2020-15999) \u2013 which had been patched on Oct. 20. \n[](<https://threatpost.com/newsletter-sign/>) \nMicrosoft rated the vulnerability (CVE-2020-17087) as important in severity, likely because an attacker interested in exploiting the bug would need to have physical access to the various installs of Windows Server, Windows 10/RT/8.1/7 impacted by the flaw. 
[According to Google](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), the bug has to do with the way the Windows Kernel Cryptography Driver (cng.sys) processes input/output control (IOCTL) in a way that cannot be expressed by regular system calls.\n\n## **Most Severe**\n\n\u201cOne of the most critical vulnerabilities patched this Tuesday is CVE-2020-17051, a remote code execution (RCE) vulnerability found in Windows\u2019 Network File System (NFS),\u201d wrote Chris Hass, director of information security and research at Automox, in his Patch Tuesday analysis.\n\nHe explained, the bug is particularly concerning \u201cbecause Windows\u2019 NFS is essentially a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.\u201d\n\n\u201cAs you can imagine, with the functionality this service provides, attackers have been taking advantage of it to gain access to critical systems for a long time. It won\u2019t be long before we see scanning of port 2049 increase over the next few days, with exploitation in the wild likely to follow,\u201d he wrote.\n\nAutomox researchers also suggested SysAdmins prioritize patches for a pair of critical memory corruption vulnerabilities in Microsoft\u2019s Scripting Engine and Internet Explorer. Both (CVE-2020-17052, CVE-2020-17053) could lead to remote code execution.\n\n\u201cA likely attack scenario would be to embed a malicious link in a phishing email that the victim would click to lead to a compromised landing page hosting the exploit,\u201d Hass wrote.\n\n## **Descriptions Removed from Patch Tuesday Bulletin**\n\nFor many Patch-Tuesday veterans, it won\u2019t go unnoticed that starting with November\u2019s bulletin Microsoft removed the description section of the CVE overviews. 
The new approach was announced on Monday by the [Microsoft Security Response Center](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>). It describes a heavier reliance on the industry standard Common Vulnerability Scoring System (CVSS) to provide more generalized vulnerability information for Patch Tuesday security bulletins.\n\n\u201cThis is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.,\u201d [Microsoft wrote](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nFor Zero Day Initiative\u2019s Dustin Childs, the new approach makes sense. He said, in many cases, \u201can accurate CVSS is really all you need. After all, there\u2019s only so much you can say about another SharePoint cross-site scripting (XSS) bug or a local privilege escalation that requires you to log on and run a specially crafted program. However, CVSS itself is not flawless.\u201d\n\nTenable\u2019s chief security officer, Bob Huber, wasn\u2019t as generous.\n\n\u201cMicrosoft\u2019s decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organizations of the business risk a particular flaw poses to them,\u201d he wrote.\n\nHe argued that the new format was a blow to security and boon to adversaries. \u201cEnd-users [will be] completely blind to how a particular CVE impacts them. What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users.\u201d\n\nHuber added: \u201cHowever, it\u2019s not too difficult to see how this new format benefits bad actors. 
They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts.\u201d\n\n[](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar>)\n\n**Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. 
EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**\n", "modified": "2020-11-10T21:12:21", "published": "2020-11-10T21:12:21", "id": "THREATPOST:D48D061BB27415A9A171838BA457EB0E", "href": "https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/", "type": "threatpost", "title": "Microsoft Patch Tuesday Update Fixes 17 Critical Bugs", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-04T20:29:51", "bulletinFamily": "info", "cvelist": ["CVE-2019-13720", "CVE-2020-14750", "CVE-2020-15999", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16011", "CVE-2020-6418"], "description": "Flaws in Google\u2019s Chrome desktop and Android-based browsers were patched Monday in an effort to prevent known exploits from being used by attackers. Two separate security bulletins issued by Google warned that it is aware of reports that exploits for both exist in the wild. Google\u2019s Project Zero went one step further and asserted that both bugs are actively being exploited.\n\nIn its [Chrome browser update](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) for Windows, Mac and Linux, Google said that version 86.0.4240.183 fixes 10 vulnerabilities. Tracked as CVE-2020-16009, this bug is the most troubling, rated high-severity and is one of the two with active exploits. The vulnerability is tied to Google\u2019s open source JavaScript and WebAssembly engine called V8. In its disclosure, the flaw is described as an \u201cinappropriate implementation in V8\u201d.\n\nClement Lecigne of Google\u2019s Threat Analysis Group and Samuel Gross of Google Project Zero discovered the Chrome desktop bug on Oct. 
29, according to a [blog post](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) announcing the fixes by Prudhvikumar Bommana of the Google Chrome team. If exploited, the V8 bug can be used for remote code execution, according to a separate analysis by Project Zero\u2019s team. \n[](<https://threatpost.com/newsletter-sign/>)\n\nAs for the Android OS-based Chrome browser, also with an active exploit in the wild, Google warned [on Monday](<https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html>) of a sandbox escape bug (CVE-2020-16010). This vulnerability is rated high-severity and opened up a possible attack based on \u201cheap buffer overflow in UI on Android\u201d conditions. Credited with discovering the bug on Oct. 31 are Maddie Stone, Mark Brand and Sergei Glazunov of Google Project Zero.\n\n## **\u2018Actively Exploited in the Wild\u2019**\n\nGoogle said it was withholding the technical details of both bugs, pending the distribution of patches to affected endpoints. While Google said publicly known exploits existed for both bugs, it did not indicate that either one was under active attack. Google\u2019s own Project Zero technical lead Ben Hawkes tweeted on Monday that both were under active attack.\n\n\u201cToday Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android,\u201d he wrote.\n\n> Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android. 
<https://t.co/IOhFwT0Wx1>\n> \n> \u2014 Ben Hawkes (@benhawkes) [November 2, 2020](<https://twitter.com/benhawkes/status/1323374326150701057?ref_src=twsrc%5Etfw>)\n\nAs a precaution, Google said in its security update that it would \u201calso retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven\u2019t yet fixed,\u201d according to the post.\n\n## **The Other Android Bugs**\n\nThe new Chrome Android release also includes stability and performance improvements, according to the Google Chrome team.\n\nVulnerabilities patched in the Chrome desktop update included a \u201cuse after free\u201d bug (CVE-2020-16004); an \u201cinsufficient policy enforcement in ANGLE\u201d flaw (CVE-2020-16005); an \u201cinsufficient data validation in installer\u201d issue (CVE-2020-16007) and a \u201cstack buffer overflow in WebRTC\u201d bug (CVE-2020-16008). Lastly, Google reported a \u201cheap buffer overflow in UI on Windows\u201d tracked as CVE-2020-16011.\n\nThis week\u2019s Chrome updates come on the heels of a zero-day bug [reported and patched last week](<https://threatpost.com/google-patches-zero-day-browser/160393/>) by Google affecting Chrome on Windows, Mac and Linux. The flaw (CVE-2020-15999), rated high-risk, is a vulnerability in Chrome\u2019s FreeType font rendering library.\n\nThe latest vulnerabilities mean that in just over 12 months Google has patched a string of serious vulnerabilities in its Chrome browser. 
In addition to the three most recently reported flaws, the first was a critical remote code execution vulnerability [patched last Halloween night](<https://www.zdnet.com/article/halloween-scare-google-discloses-chrome-zero-day-exploited-in-the-wild/>) and tracked as CVE-2019-13720, and the second was a type of memory confusion bug tracked as CVE-2020-6418 that was [fixed in February](<https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/>).\n", "modified": "2020-11-03T17:23:23", "published": "2020-11-03T17:23:23", "id": "THREATPOST:DF87733B74489628AB9F2C89704380A9", "href": "https://threatpost.com/chrome-holes-actively-targeted/160890/", "type": "threatpost", "title": "Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2021-02-06T03:18:52", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999"], "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**lvarela-r7** at October 22, 2020 5:25pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. \n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\nAssessed Attacker Value: 5 \n**ccondon-r7** at October 20, 2020 11:53pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. 
\n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\nAssessed Attacker Value: 5 \n\n", "modified": "2020-11-05T00:00:00", "published": "2020-11-03T00:00:00", "id": "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667", "href": "https://attackerkb.com/topics/CqH1gMBHJC/cve-2020-15999-chrome-freetype-0day", "type": "attackerkb", "title": "CVE-2020-15999 Chrome Freetype 0day", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-18T06:36:41", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-17087"], "description": "CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google\u2019s Project Zero team; it was patched on November 10, 2020, as part of Microsoft\u2019s November 2020 Patch Tuesday release.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at October 30, 2020 9:13pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. 
A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. 
Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 3**lvarela-r7** at November 03, 2020 8:21pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. 
From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. 
With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. 
Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\nAssessed Attacker Value: 4 \n\n", "modified": "2020-11-17T00:00:00", "published": "2020-11-11T00:00:00", "id": "AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "href": "https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day", "type": "attackerkb", "title": "CVE-2020-17087 Windows Kernel local privilege escalation 0day", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2020-11-20T05:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2020-15999"], "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nSergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n\nCVEs contained in this USN include: CVE-2020-15999.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.210.0\n * Xenial Stemcells \n * 315.x versions prior to 315.199\n * 456.x versions prior to 456.126\n * 621.x versions prior to 621.90\n * All other stemcells not listed.\n * CF Deployment \n * All versions prior to 14.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. 
The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.210.0 or greater\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.199 or greater\n * Upgrade 456.x versions to 456.126 or greater\n * Upgrade 621.x versions to 621.90 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to 14.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4593-1/>)\n * [CVE-2020-15999](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15999>)\n\n## History\n\n2020-11-20: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-11-19T00:00:00", "published": "2020-11-19T00:00:00", "id": "CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0", "href": "https://www.cloudfoundry.org/blog/usn-4593-1/", "title": "USN-4593-1: FreeType vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "thn": [{"lastseen": "2020-10-21T18:02:00", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999"], "description": "[](<https://thehackernews.com/images/-xZzCUwzBVrc/X5BgBpam4II/AAAAAAAA3Yw/vJtLuVzSt8AFXoZyGKSmcxHJtXC6fxv1QCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.\n\nGoogle [released](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers.\n\nTracked as **CVE-2020-15999**, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in 
Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.\n\nThe vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation.\n\nGlazunov also immediately reported the zero-day vulnerability to FreeType developers, who then developed an emergency patch to address the issue on October 20 with the release of FreeType 2.10.4.\n\nWithout revealing technical details of the vulnerability, the technical lead for Google's Project Zero Ben Hawkes [warned](<https://twitter.com/benhawkes/status/1318640422571266048>) on Twitter that while the team has only spotted an exploit targeting Chrome users, it's possible that other projects that use FreeType might also be vulnerable and are advised to deploy the fix included in FreeType version 2.10.4.\n\n[](<https://thehackernews.com/images/-DBudKmv052Y/X5BhH0P-IwI/AAAAAAAA3Y4/rJEum-YfowkzJ2rHLv4cE-On28Q1G02FwCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\n\"While we only saw an exploit for Chrome, other users of freetype should adopt the fix discussed here: https://savannah.nongnu.org/bugs/?59308 -- the fix is also in today's stable release of FreeType 2.10.4,\" Hawkes writes.\n\nAccording to [details](<https://savannah.nongnu.org/bugs/?59308>) shared by Glazunov, the vulnerability exists in the FreeType's function \"Load_SBit_Png,\" which processes PNG images embedded into fonts. It can be exploited by attackers to execute arbitrary code just by using specifically crafted fonts with embedded PNG images.\n\n\"The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`. 
Therefore, if the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap,\" Glazunov explained.\n\nGlazunov also published a font file with a proof-of-concept exploit.\n\nGoogle released Chrome 86.0.4240.111 as Chrome's \"stable\" version, which is available to all users, not just to opted-in early adopters, [saying](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) that the company is aware of reports that \"an exploit for CVE-2020-15999 exists in the wild,\" but did not reveal further details of the active attacks.\n\nBesides the FreeType zero-day vulnerability, Google also patched four other flaws in the latest Chrome update, three of which are high-risk vulnerabilities\u2014an inappropriate implementation bug in Blink, a use after free bug in Chrome's media, and use after free bug in PDFium\u2014and one medium-risk use after free issue in browser's printing function.\n\nAlthough the Chrome web browser automatically notifies users about the latest available version, users are recommended to manually trigger the update process by going to \"Help \u2192 About Google Chrome\" from the menu.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2020-10-21T16:27:58", "published": "2020-10-21T16:26:00", "id": "THN:1CAE17F613AA7CBF6F4E99804811C608", "href": "https://thehackernews.com/2020/10/chrome-zeroday-attacks.html", "type": "thn", "title": "New Chrome 0-day Under Active Attacks \u2013 Update Your Browser Now", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-02T10:16:32", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-17087"], "description": "[](<https://thehackernews.com/images/--Cevx7TUFx0/X5_TgyD_ymI/AAAAAAAAA8o/uOE36OUB0LwmCFccKnw8bO02pKnkeZ_XQCLcBGAsYHQ/s728/google.jpg>)\n\nGoogle has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild.\n\nThe elevation of privileges (EoP) vulnerability, tracked as [CVE-2020-17087](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver (\"cng.sys\") that can be exploited for a sandbox escape.\n\n\"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue,\" Google's Project Zero researchers Mateusz Jurczyk and Sergei Glazunov noted in their technical write-up.\n\nThe security team made the details public following a seven-day disclosure deadline because of evidence that it's under active exploit.\n\nProject Zero has shared a proof-of-concept exploit (PoC) that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations.\n\nWhat's notable is that the exploit chain requires linking CVE-2020-17087 with another Chrome browser zero-day 
([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) that was fixed by Google last week.\n\nThe Chrome zero-day involves a heap buffer overflow in the Freetype font library to run malicious code in the browser, but the newly revealed Windows zero-day makes it possible for an attacker to break out of Chrome's sandbox protections and run the code on Windows \u2014 also called a sandbox escape.\n\nStating that the exploitation is \"not related to any US election-related targeting,\" Project Zero's Ben Hawkes said a patch for the flaw is expected to be released by Microsoft on November 10.\n\nHawkes also [defended](<https://twitter.com/benhawkes/status/1322211779028557824>) the practice of disclosing zero-days within a week of them being actively exploited.\n\n\"We think there's defensive utility to sharing these details, and that opportunistic attacks using these details between now and the patch being released is reasonably unlikely (so far it's been used as part of an exploit chain, and the entry-point attack is fixed),\" he said.\n\n\"The short deadline for in-the-wild exploit also tries to incentivize out-of-band patches or other mitigations being developed/shared with urgency. Those improvements you might expect to see over a longer term period,\" Hawkes added.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2020-11-02T09:43:23", "published": "2020-11-02T09:43:00", "id": "THN:7AD5261E90CC5E52D9933B8F13139A3E", "href": "https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html", "type": "thn", "title": "WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-03T12:16:39", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087"], "description": "[](<https://thehackernews.com/images/-wwpOKprFWzg/X6EjqTcCLXI/AAAAAAAAA9I/mBsBYTybLoExMJP9mvW6fPJ2Njf3EeA6gCLcBGAsYHQ/s0/chrome-extensions.jpg>)\n\nGoogle has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.\n\nThe company [released](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.\n\nThe zero-day flaw, tracked as **CVE-2020-16009**, was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Gro\u00df of Google Project Zero on October 29.\n\nThe company also warned that it \"is aware of reports that an exploit for CVE-2020-16009 exists in the wild.\"\n\nGoogle hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw.\n\nBut Ben Hawkes, Google Project Zero's technical lead, [said](<https://twitter.com/benhawkes/status/1323374326150701057>) CVE-2020-16009 concerned an 
\"inappropriate implementation\" of its V8 JavaScript rendering engine leading to remote code execution.\n\nAside from the ten security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild \u2014 a sandbox escape flaw tracked as CVE-2020-16010.\n\nThe zero-day disclosures come two weeks after Google fixed a critical buffer overflow flaw ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) in the Freetype font library.\n\nThen late last week, the company revealed a Windows privilege escalation zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)) that was employed in combination with the above font rendering library flaw to crash Windows systems.\n\nThe search giant hasn't so far clarified if the same threat actor was exploiting the two zero-days.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2020-11-03T11:15:49", "published": "2020-11-03T09:33:00", "id": "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "href": "https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html", "type": "thn", "title": "New Chrome Zero-Day Under Active Attacks \u2013 Update Your Browser", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-02T08:29:44", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "description": "[](<https://thehackernews.com/images/-4s737H_lQjY/X6T-7usqm2I/AAAAAAAAA-s/xbIl-rUzZWo6sfq6-YyjjyEeHi5vz2GugCLcBGAsYHQ/s0/apple-update.jpg>)\n\nApple on Thursday released multiple security updates to patch three zero-day 
vulnerabilities that were revealed as being actively exploited in the wild.\n\nRolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges.\n\nThe zero-days were discovered and reported to Apple by Google's Project Zero security team.\n\n\"Apple is aware of reports that an exploit for this issue exists in the wild,\" the iPhone maker said of the three zero-days without giving any additional details so as to allow a vast majority of users to install the updates.\n\nThe list of [impacted devices](<https://support.apple.com/en-us/HT201222>) includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air, iPad mini 2 and later, and Apple Watch Series 1 and later.\n\nThe fixes are available in versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7.\n\nAccording to Apple's [security bulletin](<https://support.apple.com/en-us/HT211929>), the flaws are:\n\n * **CVE-2020-27930:** A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.\n * ****CVE-2020-27950**:** A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.\n * **CVE-2020-27932:** A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.\n\n\"Targeted exploitation in the wild similar to the other recently reported 0days,\" [said](<https://twitter.com/ShaneHuntley/status/1324431104187670529>) Shane Huntley, Director of Google's Threat Analysis Group. \"Not related to any election targeting.\"\n\nThe disclosure is the latest in the string of zero-days Project Zero has reported since October 20. 
First came the Chrome zero-day in Freetype font rendering library ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)), then a Windows zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)), followed by two more in Chrome and its Android variant ([CVE-2020-16009 and CVE-2020-16010](<https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html>)).\n\nA patch for the Windows zero-day is expected to be released on November 10 as part of this month's Patch Tuesday.\n\nWhile more details are awaited on whether the zero-days were abused by the same threat actor, it's recommended that users update their devices to the latest versions to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2020-12-02T06:39:58", "published": "2020-11-06T07:48:00", "id": "THN:DAE548E4C591A2718BC3A3D2C9440FB1", "href": "https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html", "type": "thn", "title": "Update Your iOS Devices Now \u2014 3 Actively Exploited 0-Days Discovered", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T22:25:06", "bulletinFamily": "info", "cvelist": ["CVE-2020-15999", "CVE-2020-17040", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091"], "description": "[](<https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s0/microsoft-windows-patch-update.jpg>)\n\nMicrosoft formally released fixes for 112 newly discovered security vulnerabilities as part of its [November 2020 Patch 
Tuesday](<https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov>), including an actively exploited zero-day flaw disclosed by Google's security team last week.\n\nThe rollout addresses flaws, 17 of which are rated as Critical, 93 are rated as Important, and two are rated Low in severity, once again bringing the patch count over 110 after a drop last month.\n\nThe security updates encompass a range of software, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer, Edge, ChakraCore, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.\n\nChief among those fixed is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>) (CVSS score 7.8), a buffer overflow flaw in Windows Kernel Cryptography Driver (\"cng.sys\") that was [disclosed on October 30](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>) by the Google Project Zero team as being used in conjunction with a Chrome zero-day to compromise Windows 7 and Windows 10 users.\n\nFor its part, Google released an update for its Chrome browser to address the zero-day (CVE-2020-15999) last month.\n\nMicrosoft's advisory about the flaw doesn't go into any details beyond the fact that it was a \"Windows Kernel Local Elevation of Privilege Vulnerability\" in part to [restructure security advisories](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>) in line with the Common Vulnerability Scoring System (CVSS) format starting this month.\n\nOutside of the zero-day, the update fixes a number of remote code execution (RCE) vulnerabilities impacting Exchange Server ([CVE-2020-17084](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084>)), Network File System 
([CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>)), and Microsoft Teams ([CVE-2020-17091](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17091>)), as well as a security bypass flaw in Windows Hyper-V virtualization software ([CVE-2020-17040](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040>)).\n\nCVE-2020-17051 is rated 9.8 out of a maximum 10 on the CVSS score, making it a critical vulnerability. Microsoft, however, noted that the attack complexity of the flaw \u2014 the conditions beyond the attacker's control that must exist in order to exploit the vulnerability \u2014 is low.\n\nAs with the zero-day, the advisories associated with these security shortcomings are light on descriptions, with little to no information on how these RCE flaws are abused or which security feature in Hyper-V is being bypassed.\n\nOther critical flaws fixed by Microsoft this month include memory corruption vulnerabilities in Microsoft Scripting Engine (CVE-2020-17052) and Internet Explorer (CVE-2020-17053), and multiple RCE flaws in HEVC Video Extensions Codecs library.\n\nIt's highly recommended that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2020-11-11T10:29:27", "published": "2020-11-11T10:09:00", "id": "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "href": "https://thehackernews.com/2020/11/microsoft-releases-windows-security.html", "type": "thn", "title": "Microsoft Releases Windows Security Updates For Critical Flaws", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-11-14T11:22:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "[2.9.1-4.el8_3.1]\n- Test bitmap size earlier for PNGs\n- Fix memory leak in pngshim.c\n- Resolves: #1891905", "edition": 1, "modified": "2020-11-13T00:00:00", "published": "2020-11-13T00:00:00", "id": "ELSA-2020-4952", "href": "http://linux.oracle.com/errata/ELSA-2020-4952.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-08T23:20:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "[2.8-14.el7_9.1]\n- Test bitmap size earlier for PNGs\n- Fix memory leak in pngshim.c\n- Resolves: #1891635", "edition": 1, "modified": "2020-11-06T00:00:00", "published": "2020-11-06T00:00:00", "id": "ELSA-2020-4907", "href": "http://linux.oracle.com/errata/ELSA-2020-4907.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-11-06T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "Arch Linux Security Advisory ASA-202010-10\n==========================================\n\nSeverity: High\nDate : 2020-10-20\nCVE-ID : CVE-2020-15999\nPackage : freetype2\nType : arbitrary code execution\nRemote : Yes\nLink : 
https://security.archlinux.org/AVG-1254\n\nSummary\n=======\n\nThe package freetype2 before version 2.10.4-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 2.10.4-1.\n\n# pacman -Syu \"freetype2>=2.10.4-1\"\n\nThe problem has been fixed upstream in version 2.10.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA heap buffer overflow has been found in freetype2 before 2.10.4.\nMalformed TTF files with PNG sbit glyphs can cause a heap buffer\noverflow in Load_SBit_Png as libpng uses the original 32-bit values,\nwhich are saved in png_struct. If the original width and/or height are\ngreater than 65535, the allocated buffer won't be able to fit the\nbitmap.\n\nImpact\n======\n\nA remote user can serve malformed TTF files that can cause arbitrary\ncode execution on the affected host.\n\nReferences\n==========\n\nhttp://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd\nhttps://savannah.nongnu.org/bugs/?59308\nhttps://security.archlinux.org/CVE-2020-15999", "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "ASA-202010-10", "href": "https://security.archlinux.org/ASA-202010-10", "type": "archlinux", "title": "[ASA-202010-10] freetype2: arbitrary code execution", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-06T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "Arch Linux Security Advisory ASA-202010-11\n==========================================\n\nSeverity: High\nDate : 2020-10-20\nCVE-ID : CVE-2020-15999\nPackage : lib32-freetype2\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1255\n\nSummary\n=======\n\nThe package lib32-freetype2 before version 2.10.4-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 2.10.4-1.\n\n# pacman -Syu \"lib32-freetype2>=2.10.4-1\"\n\nThe problem has been 
fixed upstream in version 2.10.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA heap buffer overflow has been found in freetype2 before 2.10.4.\nMalformed TTF files with PNG sbit glyphs can cause a heap buffer\noverflow in Load_SBit_Png as libpng uses the original 32-bit values,\nwhich are saved in png_struct. If the original width and/or height are\ngreater than 65535, the allocated buffer won't be able to fit the\nbitmap.\n\nImpact\n======\n\nA remote user can serve malformed TTF files that can cause arbitrary\ncode execution on the affected host.\n\nReferences\n==========\n\nhttp://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd\nhttps://savannah.nongnu.org/bugs/?59308\nhttps://security.archlinux.org/CVE-2020-15999", "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "ASA-202010-11", "href": "https://security.archlinux.org/ASA-202010-11", "type": "archlinux", "title": "[ASA-202010-11] lib32-freetype2: arbitrary code execution", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-12-06T01:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4777-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 21, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freetype\nCVE ID : CVE-2020-15999\nDebian Bug : 972586\n\nSergei Glazunov discovered a heap-based buffer overflow vulnerability in\nthe handling of embedded PNG bitmaps in FreeType. 
Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.9.1-3+deb10u2.\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2020-10-21T19:00:25", "published": "2020-10-21T19:00:25", "id": "DEBIAN:DSA-4777-1:E3B2F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00184.html", "title": "[SECURITY] [DSA 4777-1] freetype security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-06T01:18:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2415-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Thorsten Alteholz\nOctober 25, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : freetype\nVersion : 2.6.3-3.2+deb9u2\nCVE ID : CVE-2020-15999\n\n\nSergei Glazunov discovered a heap-based buffer overflow vulnerability in \nthe handling of embedded PNG bitmaps in FreeType. 
Opening malformed fonts \nmay result in denial of service or the execution of arbitrary code.\n\n\n\nFor Debian 9 stretch, this problem has been fixed in version \n2.6.3-3.2+deb9u2.\n\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n", "edition": 2, "modified": "2020-10-25T22:30:22", "published": "2020-10-25T22:30:22", "id": "DEBIAN:DLA-2415-1:46C29", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202010/msg00026.html", "title": "[SECURITY] [DLA 2415-1] freetype security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2020-11-07T01:28:39", "published": "2020-11-07T01:28:39", "id": "FEDORA:8B8553055E91", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: freetype-2.10.0-4.fc31", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. 
FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2020-10-25T01:21:04", "published": "2020-10-25T01:21:04", "id": "FEDORA:6F705313E07A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: freetype-2.10.4-1.fc32", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library. ", "modified": "2020-10-25T01:01:39", "published": "2020-10-25T01:01:39", "id": "FEDORA:53B8A30C6A0B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: freetype-2.10.4-1.fc33", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-6557"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2020-11-07T00:23:12", "published": "2020-11-07T00:23:12", "id": "FEDORA:EEAC030B0FC3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: chromium-86.0.4240.111-1.fc31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-6557"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2020-11-06T01:23:05", "published": "2020-11-06T01:23:05", "id": "FEDORA:9A29D35BA6A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-86.0.4240.111-1.fc32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-6557"], "description": "Chromium 
is an open-source web browser, powered by WebKit (Blink). ", "modified": "2020-11-14T01:13:13", "published": "2020-11-14T01:13:13", "id": "FEDORA:B7E3531099A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-86.0.4240.183-1.fc33", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-11-04T23:40:43", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "USN-4593-1 fixed a vulnerability in FreeType. This update provides \nthe corresponding update for Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nSergei Glazunov discovered that FreeType did not correctly handle certain \nmalformed font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges.", "edition": 2, "modified": "2020-10-22T00:00:00", "published": "2020-10-22T00:00:00", "id": "USN-4593-2", "href": "https://ubuntu.com/security/notices/USN-4593-2", "title": "FreeType vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-04T23:40:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "Sergei Glazunov discovered that FreeType did not correctly handle certain \nmalformed font files. 
If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges.", "edition": 2, "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "USN-4593-1", "href": "https://ubuntu.com/security/notices/USN-4593-1", "title": "FreeType vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-11-07T03:23:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "**CentOS Errata and Security Advisory** CESA-2020:4907\n\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.\n\nSecurity Fix(es):\n\n* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-November/012870.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-11-06T21:57:09", "published": "2020-11-06T21:57:09", "id": "CESA-2020:4907", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-November/012870.html", "title": "freetype security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "malwarebytes": [{"lastseen": "2020-11-04T22:16:34", "bulletinFamily": "blog", "cvelist": ["CVE-2020-15999"], "description": "Google has recently released Chrome version 86.0.4240.111 to [patch several holes](<https://chromium.googlesource.com/chromium/src/+log/86.0.4240.75..86.0.4240.111?pretty=fuller&n=10000>). 
One is for a [zero-day](<https://blog.malwarebytes.com/glossary/zero-day/>) flaw - that means a vulnerability that is being actively exploited in the wild.\n\nThe flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the _Load_SBit_Png_ function. FreeType is a popular text rendering library that Chrome uses. According to [the bug report](<https://savannah.nongnu.org/bugs/?59308>) filed by Sergei Glazunov, a security researcher from Google\u2019s very own Project Zero team, the function has the following tasks:\n\n> 1) Obtains the image width and height from the header as 32-bit integers. \n2) Truncates the obtained values to 16 bit and stores them in a \u2018TT_SBit_Metrics\u2019 structure. \n3) Uses the truncated values to calculate the bitmap size. \n4) Allocates the backing store of that size. \n5) Passes \u2018png_struct\u2019 and the backing store to a _libpng_ function.\n\nGlazunov further explains that since the _libpng_ function uses 32-bit values instead of the truncated 16-bit values, a [heap buffer overflow](<https://resources.infosecinstitute.com/heap-overflow-vulnerability-and-heap-internals-explained/>) in FreeType could occur if the PNG\u2019s width and/or height exceeds 65535, the largest value that fits in 16 bits: the backing store is then sized from the truncated dimensions, while _libpng_ writes the bitmap using the original 32-bit ones. This would result in certain pieces of data being overwritten or corrupted and, overall, the program behaving differently. So, anyone who successfully exploits this bug could achieve either remote execution of malicious code in the context of the browser or a complete compromise of the affected system.\n\nGoogle didn\u2019t further elaborate on how CVE-2020-15999 is being exploited to target its users, or who is possibly behind the exploitation.\n\n### Update your Chrome now\n\nChrome users are advised to update to the current browser version, 86.0.4240.111, to protect themselves from getting exploited. 
Development teams who use the same FreeType libraries should update to FreeType 2.10.4.\n\nThe post [Google patches actively exploited zero-day bug that affects Chrome users](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2020-10-26T10:58:14", "published": "2020-10-26T10:58:14", "id": "MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/", "type": "malwarebytes", "title": "Google patches actively exploited zero-day bug that affects Chrome users", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-04T22:16:34", "bulletinFamily": "blog", "cvelist": ["CVE-2020-15999", "CVE-2020-16009"], "description": "Before you start to Google for election news, we'd like you to check whether your browser is at the latest and safest version. \u201cAgain?\u201d, Chrome users may say. Yes, because Google has found another zero-day vulnerability - that means it's a hole that is actively being exploited right now.\n\nIt's the second zero-day in Google found in the past two weeks. Last week [we reported about CVE-2020-15999](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/>) and advised to upgrade to at least version 86.0.4240.111. Today it is the turn of CVE-2020-16009 which is patched in Chrome version 86.0.4240.183 and later.\n\n### How do I install Chrome patches?\n\nThe easiest way to do it is to allow Chrome to update automatically which basically uses the same method as outlined below but does not require your attention. 
But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser. So, it doesn\u2019t hurt to check now and then. And now would be a good time, given the zero-day vulnerability. My preferred method, which also allows me to keep track, is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is **Relaunch **the browser.\n\n\n\n### What is this Chrome patch for?\n\nGoogle has not disclosed what the 0-day does or how it is used. This is habitual as they want to give users a chance to update before giving threat-actors the chance to design their own exploits. But researchers came to the conclusion that it must have something to do with the way the Chrome browser handles Javascript by looking at the [changelog](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>).\n\n\n\nAfter the update, the security hole should be patched and your settings page should say:\n\nVersion 86.0.4240.183\n\nIf so, you\u2019re good to go for now.\n\nStay safe, everyone!\n\nThe post [Update your Chrome again as Google patches second zero-day in two weeks](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/11/chrome-patches-second-zero-day-in-two-weeks/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2020-11-03T18:30:00", "published": "2020-11-03T18:30:00", "id": "MALWAREBYTES:79956B6DF02C5841171B3AEE17565978", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/11/chrome-patches-second-zero-day-in-two-weeks/", "type": "malwarebytes", "title": "Update your Chrome again as Google patches second zero-day in two weeks", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": 
[{"lastseen": "2020-10-23T07:14:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nA flaw in FreeType\u2019s handling of embedded PNG bitmaps was discovered where the image height and width was not checked to be within bounds. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font file using FreeType possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.10.3-r1\"", "edition": 1, "modified": "2020-10-23T00:00:00", "published": "2020-10-23T00:00:00", "id": "GLSA-202010-07", "href": "https://security.gentoo.org/glsa/202010-07", "title": "FreeType: Arbitrary code execution", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-11T09:13:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16005", "CVE-2020-16004", "CVE-2020-16008", "CVE-2020-16016", "CVE-2020-16006"], "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-86.0.4240.193\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-86.0.4240.193\"", "edition": 1, "modified": "2020-11-11T00:00:00", "published": "2020-11-11T00:00:00", "id": "GLSA-202011-12", "href": "https://security.gentoo.org/glsa/202011-12", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-12-09T09:23:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "**Issue Overview:**\n\nHeap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ([CVE-2020-15999 __](<https://access.redhat.com/security/cve/CVE-2020-15999>))\n\n \n**Affected Packages:** \n\n\nfreetype\n\n \n**Issue Correction:** \nRun _yum update freetype_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n freetype-2.8-14.amzn2.1.aarch64 \n freetype-demos-2.8-14.amzn2.1.aarch64 \n freetype-devel-2.8-14.amzn2.1.aarch64 \n freetype-debuginfo-2.8-14.amzn2.1.aarch64 \n \n i686: \n freetype-2.8-14.amzn2.1.i686 \n freetype-demos-2.8-14.amzn2.1.i686 \n freetype-devel-2.8-14.amzn2.1.i686 \n freetype-debuginfo-2.8-14.amzn2.1.i686 \n \n src: \n freetype-2.8-14.amzn2.1.src \n \n x86_64: \n freetype-2.8-14.amzn2.1.x86_64 \n freetype-demos-2.8-14.amzn2.1.x86_64 \n freetype-devel-2.8-14.amzn2.1.x86_64 \n freetype-debuginfo-2.8-14.amzn2.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-12-08T20:55:00", "published": "2020-12-08T20:55:00", "id": "ALAS2-2020-1565", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1565.html", "title": "Important: freetype", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2021-02-08T18:48:34", "bulletinFamily": "software", "cvelist": ["CVE-2020-15999"], "description": "### Impact\nA memory corruption bug(Heap overflow) in the FreeType font rendering library.\n\n> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .\n\nAs per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ \n\nGoogle is aware of reports that an exploit for CVE-2020-15999 exists in the wild.\n\n### Patches\nUpgrade to 85.3.130 or higher\n\n### References\n- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/\n- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999\n- https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942\n\nTo review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d", "edition": 6, "modified": "2021-02-08T15:46:59", "published": 
"2020-10-27T19:47:38", "id": "GHSA-PV36-H7JH-QM62", "href": "https://github.com/advisories/GHSA-pv36-h7jh-qm62", "title": "Heap overflow in the freetype library", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-11-04T20:47:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15999"], "description": "New freetype packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/freetype-2.6.3-i586-3_slack14.2.txz: Rebuilt.\n Fix heap buffer overflow in embedded PNG bitmap handling.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.5.5-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.5.5-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/freetype-2.5.5-i486-3_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/freetype-2.5.5-x86_64-3_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/freetype-2.6.3-i586-3_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/freetype-2.6.3-x86_64-3_slack14.2.txz\n\nUpdated package for 
Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.10.4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.10.4-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nbef4a8ff7ea2ea76731ff99c2356bb31 freetype-2.5.5-i486-3_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n425bf27d171d2913c79d53e200b241b4 freetype-2.5.5-x86_64-3_slack14.0.txz\n\nSlackware 14.1 package:\n7079bd2e315a8ccc29102f92621df53c freetype-2.5.5-i486-3_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nbb9b36305cbd760b67c60bf6655cf9de freetype-2.5.5-x86_64-3_slack14.1.txz\n\nSlackware 14.2 package:\n222af2c02358c844eec303a41b1dd91d freetype-2.6.3-i586-3_slack14.2.txz\n\nSlackware x86_64 14.2 package:\na1ae0c1201ab2128f7a5d42ca248936a freetype-2.6.3-x86_64-3_slack14.2.txz\n\nSlackware -current package:\nbd27581eed2b9068f4a7c72dbc70b98a l/freetype-2.10.4-i586-1.txz\n\nSlackware x86_64 -current package:\na66931bd6ea3213f8922c748716eef44 l/freetype-2.10.4-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg freetype-2.6.3-i586-3_slack14.2.txz", "modified": "2020-10-20T22:26:01", "published": "2020-10-20T22:26:01", "id": "SSA-2020-294-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.420341", "type": "slackware", "title": "[slackware-security] freetype", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "qualysblog": [{"lastseen": "2020-10-22T20:10:45", "bulletinFamily": "blog", "cvelist": ["CVE-2020-15999"], "description": "**Update October 22, 2020**: The [Vulnerability Detection Pipeline](<https://community.qualys.com/vulnerability-detection-pipeline/>) (beta) has been updated to include detections of all severities. 
It now gives visibility into upcoming and recently published detections with severity 3, 2 and 1 in addition to severity 5 and 4.\n\nThe pipeline also supports a URL parameter that identifies a specific CVE, e.g. <https://community.qualys.com/vulnerability-detection-pipeline/#CVE-2020-15999>. This is helpful if you want to share a specific entry with a colleague. The parameter must be in standard CVE format.\n\nIf a search on the pipeline returns zero results, the pipeline now displays a link to [instructions for requesting a new QID](<https://qualys-secure.force.com/customer/s/article/000002922>).\n\n**Original Post**: The new [Vulnerability Detection Pipeline](<https://community.qualys.com/vulnerability-detection-pipeline/>), now in beta on Qualys Community, gives you visibility into upcoming and recently published vulnerability signatures (QIDs). Now you can track the development status of vulnerability signatures for recent high-priority vulnerabilities, to help you stay on top of the latest threats.\n\nThe new service shows which severity 4 or 5 vulnerabilities are currently being investigated by the Qualys vulnerability signatures team, which detections are being developed and will be available soon in the KnowledgeBase, and which ones have been published within the last two weeks.\n\n### Browse, Filter and Search\n\nTo help you find what you are looking for, you can browse the full list of detections, filter by detection status, perform full-text search of the signature details including by CVE number, and sort the detections by title and severity.\n\n\n\n### Detection Status\n\n *  **Under investigation:** We are researching a detection and will publish one if it is feasible.\n *  **In development:** We are coding a detection and will typically publish it within a few days.\n *  **Recently published:** We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.\n\n### Using 
the Detections Pipeline\n\nAnyone can view the [Vulnerability Detection Pipeline](<https://community.qualys.com/vulnerability-detection-pipeline/>) (beta). \n\nQualys customers have access to tens of thousands of published detections across hundreds of applications and operating systems, updated many times per week, in the [Qualys KnowledgeBase](<https://www.qualys.com/training/library/vulnerability-management/>) in their [subscription](<https://www.qualys.com/platform-identification/>).\n\nNon-customers can audit their network for all published vulnerabilities by signing up for a [Qualys Free Trial](<https://www.qualys.com/free-trial/>) or [Qualys Community Edition](<https://www.qualys.com/community-edition/>).\n\n### What's Next\n\nWe are currently investigating new features to make the vulnerability detection pipeline more useful to our customers, for example:\n\n * subscribe to get notified when new detections are published.\n * request detections that are not available or in the pipeline already.\n\nLet us know any other use cases you would like to see addressed, and provide your feedback on the current service. Please either contact your TAM or [share your pipeline improvement suggestions](<https://qualys-secure.force.com/discussions/s/question/0D52L00004lYLcHSAW/vulnerability-detection-pipeline-feedback>) with the community.", "modified": "2020-09-16T17:43:34", "published": "2020-09-16T17:43:34", "id": "QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807", "href": "https://blog.qualys.com/category/vulnerabilities-research", "type": "qualysblog", "title": "Vulnerability Detection Pipeline (Beta)", "cvss": {"score": 0.0, "vector": "NONE"}}], "krebs": [{"lastseen": "2020-11-24T10:28:18", "bulletinFamily": "blog", "cvelist": ["CVE-2020-15999", "CVE-2020-16875", "CVE-2020-17051", "CVE-2020-17087"], "description": "**Adobe** and **Microsoft** each issued a bevy of updates today to plug critical security holes in their software. 
Microsoft's release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.\n\n\n\nSome 17 of the 112 issues fixed in today's patch batch involve "critical" problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.\n\nMost of the rest were assigned the rating "important," which [in Redmond parlance](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>) refers to a vulnerability whose exploitation could "compromise the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."\n\nA chief concern among all these updates this month is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), which is an "important" bug in the Windows kernel that is already seeing active exploitation. CVE-2020-17087 is not listed as critical because it's what's known as a privilege escalation flaw that would allow an attacker who has already compromised a less powerful user account on a system to gain administrative control. In essence, it would have to be chained with another exploit.\n\nUnfortunately, this is exactly what Google researchers described witnessing recently. On Oct. 20, **Google** released an update for its **Chrome** browser which fixed a bug ([CVE-2020-15999](<https://nvd.nist.gov/vuln/detail/CVE-2020-15999>)) that was seen being used in conjunction with CVE-2020-17087 to compromise Windows users.\n\nIf you take a look at the advisory Microsoft released today for CVE-2020-17087 (or any others from today's batch), you might notice they look a bit more sparse. 
That's because Microsoft has opted to restructure those advisories around the [Common Vulnerability Scoring System](<https://nvd.nist.gov/vuln-metrics/cvss>) (CVSS) format to more closely align the format of the advisories with that of other major software vendors.\n\nBut in so doing, Microsoft has also removed some useful information, such as the description explaining in broad terms the scope of the vulnerability, how it can be exploited, and what the result of the exploitation might be. Microsoft explained its reasoning behind this shift in [a blog post](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nNot everyone is happy with the new format. **Bob Huber**, chief security officer at [Tenable](<https://www.tenable.com>), praised Microsoft for adopting an industry standard, but said the company should consider that folks who review Patch Tuesday releases aren\u2019t security practitioners but rather IT counterparts responsible for actually applying the updates who often aren\u2019t able (and shouldn\u2019t have to) decipher raw CVSS data.\n\n"With this new format, end users are completely blind to how a particular CVE impacts them," Huber said. "What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users. However, it\u2019s not too difficult to see how this new format benefits bad actors. They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. 
Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts."\n\n**Dustin Childs** with **Trend Micro**'s [Zero Day Initiative](<https://www.zerodayinitiative.com/>) also puzzled over the lack of details included in Microsoft advisories tied to two other flaws fixed today -- including one in **Microsoft Exchange Server** ([CVE-2020-16875](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16875>)) and [CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>), which is a scary-looking weakness in the **Windows Network File System (NFS)**.\n\nThe Exchange problem, Childs said, was reported by the winner of the [Pwn2Own Miami bug finding contest](<https://www.thezdi.com/blog/2020/1/21/pwn2own-miami-2020-schedule-and-live-results>).\n\n"With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned," Childs said. "It is very likely he will publish the details of these bugs soon. Microsoft rates this as important, but I would treat it as critical, especially since people seem to find it hard to patch Exchange at all."\n\nLikewise, with CVE-2020-17051, there was a noticeable lack of detail for a bug that earned a CVSS score of 9.8 (10 is the most dangerous).\n\n"With no description to work from, we need to rely on the CVSS to provide clues about the real risk from the bug," Childs said. "Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise."\n\nSeparately, Adobe today released updates to plug at least 14 security holes in Adobe Acrobat and Reader. Details about those fixes are available [here](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>). 
There are no security updates for Adobe's Flash Player, which Adobe has said will be retired at the end of the year. Microsoft, which has bundled versions of Flash with its Web browsers, says it plans to ship an update in December that will remove Flash from Windows PCs, and last month it made the removal tool [available for download](<https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player>).\n\nWindows 10 users should be aware that the operating system will download updates and install them on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nBut please do back up your system before applying any of these updates. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.", "modified": "2020-11-11T01:56:41", "published": "2020-11-11T01:56:41", "id": "KREBS:613A537780BD40A6F8E0047CE8D3E6EC", "href": "https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/", "type": "krebs", "title": "Patch Tuesday, November 2020 Edition", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}