Action not permitted
Modal body text goes here.
cve-2019-13753
Vulnerability from cvelistv5
Published
2019-12-10 21:01
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:44.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/1025471" }, { "name": "RHSA-2019:4238", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "USN-4298-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4298-1/" }, { "name": "USN-4298-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4298-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "79.0.3945.79", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Out of bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-06T18:06:17", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/1025471" }, { "name": "RHSA-2019:4238", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "USN-4298-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4298-1/" }, { "name": "USN-4298-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4298-2/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "79.0.3945.79" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/1025471", "refsource": "MISC", "url": "https://crbug.com/1025471" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "USN-4298-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4298-1/" }, { "name": "USN-4298-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4298-2/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-13753", "datePublished": "2019-12-10T21:01:53", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:44.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-13753\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-12-10T22:15:15.057\",\"lastModified\":\"2024-11-21T04:25:39.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una lectura fuera de l\u00edmites en SQLite en Google Chrome versiones anteriores a la versi\u00f3n 79.0.3945.79, permiti\u00f3 a un atacante remoto conseguir informaci\u00f3n potencialmente confidencial desde la memoria del proceso por medio de una p\u00e1gina HTML especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"79.0.3945.79\",\"matchCriteriaId\":\"D3900404-81EC-4968-BD74-1630F385643D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"EB779E2B-B0A9-41F4-9000-4BAB848E7677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"142A2E7B-9B0D-4335-8C92-FC9A6381DC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"6194D474-EEEA-41FD-8FE8-090A9C10BDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"1C493BF1-8890-4A3A-A207-FA5273259F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F4C70C61-4DE2-49BE-81EA-9BCAC6F31C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"61F3999C-19F8-4723-8AC9-687FEFF27BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5F492BA1-72AD-4302-985E-EB2E465FC22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"BD58D619-D524-4690-85E4-ECE3B984D4B1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4238\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1025471\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/27\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-08\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4298-1/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4298-2/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4606\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1025471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4298-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4298-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
ghsa-9vwm-wj9h-8v65
Vulnerability from github
Published
2022-05-24 17:03
Modified
2023-02-10 21:30
Severity ?
Details
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2019-13753" ], "database_specific": { "cwe_ids": [ "CWE-125" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-12-10T22:15:00Z", "severity": "MODERATE" }, "details": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "id": "GHSA-9vwm-wj9h-8v65", "modified": "2023-02-10T21:30:32Z", "published": "2022-05-24T17:03:02Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://crbug.com/1025471" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-08" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4298-1" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4298-2" }, { "type": "WEB", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
rhsa-2020_1810
Vulnerability from csaf_redhat
Published
2020-04-28 15:49
Modified
2024-11-22 14:07
Summary
Red Hat Security Advisory: sqlite security and bug fix update
Notes
Topic
An update for sqlite is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
* sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457)
* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752)
* sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753)
* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)
* sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924)
* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)
* sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (CVE-2019-19959)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sqlite is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457)\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752)\n\n* sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753)\n\n* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)\n\n* sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924)\n\n* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)\n\n* sqlite: mishandles certain uses of INSERT INTO in situations involving embedded \u0027\\0\u0027 characters in filenames (CVE-2019-19959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:1810", "url": "https://access.redhat.com/errata/RHSA-2020:1810" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index" }, { "category": "external", "summary": "1716881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716881" }, { "category": "external", "summary": "1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "1788842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788842" }, { "category": "external", "summary": "1788846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788846" }, { "category": "external", "summary": "1788866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788866" }, { "category": "external", "summary": "1789595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789595" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1810.json" } ], "title": "Red Hat Security Advisory: sqlite security and bug fix update", "tracking": { "current_release_date": "2024-11-22T14:07:49+00:00", "generator": { "date": "2024-11-22T14:07:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:1810", "initial_release_date": "2020-04-28T15:49:32+00:00", "revision_history": [ { "date": "2020-04-28T15:49:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-04-28T15:49:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T14:07:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "lemon-0:3.26.0-6.el8.ppc64le", "product": { "name": "lemon-0:3.26.0-6.el8.ppc64le", "product_id": "lemon-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debugsource@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "product": { "name": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "product_id": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon-debuginfo@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-analyzer-debuginfo@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debuginfo@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs-debuginfo@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-tcl-debuginfo@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-devel-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-devel-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-devel-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-devel@3.26.0-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "sqlite-libs-0:3.26.0-6.el8.ppc64le", "product": { "name": "sqlite-libs-0:3.26.0-6.el8.ppc64le", "product_id": "sqlite-libs-0:3.26.0-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs@3.26.0-6.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "lemon-0:3.26.0-6.el8.s390x", "product": { "name": "lemon-0:3.26.0-6.el8.s390x", "product_id": "lemon-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-debugsource-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-debugsource-0:3.26.0-6.el8.s390x", "product_id": "sqlite-debugsource-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debugsource@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "lemon-debuginfo-0:3.26.0-6.el8.s390x", "product": { "name": "lemon-debuginfo-0:3.26.0-6.el8.s390x", "product_id": "lemon-debuginfo-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon-debuginfo@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "product_id": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-analyzer-debuginfo@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-debuginfo-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.s390x", "product_id": "sqlite-debuginfo-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debuginfo@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "product_id": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs-debuginfo@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "product_id": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-tcl-debuginfo@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-0:3.26.0-6.el8.s390x", "product_id": "sqlite-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-devel-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-devel-0:3.26.0-6.el8.s390x", "product_id": "sqlite-devel-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-devel@3.26.0-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "sqlite-libs-0:3.26.0-6.el8.s390x", "product": { "name": "sqlite-libs-0:3.26.0-6.el8.s390x", "product_id": "sqlite-libs-0:3.26.0-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs@3.26.0-6.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "lemon-0:3.26.0-6.el8.x86_64", "product": { "name": "lemon-0:3.26.0-6.el8.x86_64", "product_id": "lemon-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-debugsource-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-debugsource-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-debugsource-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debugsource@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "lemon-debuginfo-0:3.26.0-6.el8.x86_64", "product": { "name": "lemon-debuginfo-0:3.26.0-6.el8.x86_64", "product_id": "lemon-debuginfo-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon-debuginfo@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-analyzer-debuginfo@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debuginfo@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs-debuginfo@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-tcl-debuginfo@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-devel-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-devel-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-devel-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-devel@3.26.0-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "sqlite-libs-0:3.26.0-6.el8.x86_64", "product": { "name": "sqlite-libs-0:3.26.0-6.el8.x86_64", "product_id": "sqlite-libs-0:3.26.0-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs@3.26.0-6.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "lemon-0:3.26.0-6.el8.aarch64", "product": { "name": "lemon-0:3.26.0-6.el8.aarch64", "product_id": "lemon-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-debugsource-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-debugsource-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-debugsource-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debugsource@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "lemon-debuginfo-0:3.26.0-6.el8.aarch64", "product": { "name": "lemon-debuginfo-0:3.26.0-6.el8.aarch64", "product_id": "lemon-debuginfo-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon-debuginfo@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-analyzer-debuginfo@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debuginfo@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs-debuginfo@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-tcl-debuginfo@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-devel-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-devel-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-devel-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-devel@3.26.0-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "sqlite-libs-0:3.26.0-6.el8.aarch64", "product": { "name": "sqlite-libs-0:3.26.0-6.el8.aarch64", "product_id": "sqlite-libs-0:3.26.0-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs@3.26.0-6.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-0:3.26.0-6.el8.i686", "product_id": "sqlite-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-devel-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-devel-0:3.26.0-6.el8.i686", "product_id": "sqlite-devel-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-devel@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-libs-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-libs-0:3.26.0-6.el8.i686", "product_id": "sqlite-libs-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-debugsource-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-debugsource-0:3.26.0-6.el8.i686", "product_id": "sqlite-debugsource-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debugsource@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "lemon-debuginfo-0:3.26.0-6.el8.i686", "product": { "name": "lemon-debuginfo-0:3.26.0-6.el8.i686", "product_id": "lemon-debuginfo-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/lemon-debuginfo@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "product_id": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-analyzer-debuginfo@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-debuginfo-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.i686", "product_id": "sqlite-debuginfo-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-debuginfo@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "product_id": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-libs-debuginfo@3.26.0-6.el8?arch=i686" } } }, { "category": "product_version", "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "product": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "product_id": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-tcl-debuginfo@3.26.0-6.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sqlite-0:3.26.0-6.el8.src", "product": { "name": "sqlite-0:3.26.0-6.el8.src", "product_id": "sqlite-0:3.26.0-6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite@3.26.0-6.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sqlite-doc-0:3.26.0-6.el8.noarch", "product": { "name": "sqlite-doc-0:3.26.0-6.el8.noarch", "product_id": "sqlite-doc-0:3.26.0-6.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sqlite-doc@3.26.0-6.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64" }, "product_reference": "lemon-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le" }, "product_reference": "lemon-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x" }, "product_reference": "lemon-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64" }, "product_reference": "lemon-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src" }, "product_reference": "sqlite-0:3.26.0-6.el8.src", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-doc-0:3.26.0-6.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch" }, "product_reference": "sqlite-doc-0:3.26.0-6.el8.noarch", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64" }, "product_reference": "lemon-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le" }, "product_reference": "lemon-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x" }, "product_reference": "lemon-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64" }, "product_reference": "lemon-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "lemon-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "lemon-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src" }, "product_reference": "sqlite-0:3.26.0-6.el8.src", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-debugsource-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-debugsource-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-devel-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-devel-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-doc-0:3.26.0-6.el8.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch" }, "product_reference": "sqlite-doc-0:3.26.0-6.el8.noarch", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-libs-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "relates_to_product_reference": "BaseOS-8.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" }, "product_reference": "sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "relates_to_product_reference": "BaseOS-8.2.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-8457", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-05-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1716881" } ], "notes": [ { "category": "description", "text": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: heap out-of-bound read in function rtreenode()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-8457" }, { "category": "external", "summary": "RHBZ#1716881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-8457", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8457" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8457", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8457" } ], "release_date": "2019-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: heap out-of-bound read in function rtreenode()" }, { "cve": "CVE-2019-13752", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781999" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve shadow table corruption detection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13752" }, { "category": "external", "summary": "RHBZ#1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: improve shadow table corruption detection" }, { "cve": "CVE-2019-13753", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782000" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: incorrectly removed corruption check", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13753" }, { "category": "external", "summary": "RHBZ#1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13753", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13753" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: incorrectly removed corruption check" }, { "cve": "CVE-2019-19923", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788846" } ], "notes": [ { "category": "description", "text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19923" }, { "category": "external", "summary": "RHBZ#1788846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19923", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference" }, { "cve": "CVE-2019-19924", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788842" } ], "notes": [ { "category": "description", "text": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19924" }, { "category": "external", "summary": "RHBZ#1788842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788842" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19924", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19924" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19924", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19924" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting" }, { "cve": "CVE-2019-19925", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788866" } ], "notes": [ { "category": "description", "text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", "title": "Vulnerability summary" }, { "category": "other", "text": "The zip extension was introduced in sqlite-3.22.0, therefore previous versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19925" }, { "category": "external", "summary": "RHBZ#1788866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19925", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19925" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19925", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19925" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive" }, { "cve": "CVE-2019-19959", "cwe": { "id": "CWE-626", "name": "Null Byte Interaction Error (Poison Null Byte)" }, "discovery_date": "2020-01-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789595" } ], "notes": [ { "category": "description", "text": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded \u0027\\0\u0027 characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded \u0027\\0\u0027 characters in filenames", "title": "Vulnerability summary" }, { "category": "other", "text": "The zip extension was introduced in sqlite-3.22.0, therefore previous versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19959" }, { "category": "external", "summary": "RHBZ#1789595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19959", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19959" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19959", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19959" } ], "release_date": "2019-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-04-28T15:49:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:1810" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "AppStream-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "AppStream-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:lemon-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.src", "BaseOS-8.2.0.GA:sqlite-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-analyzer-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-debugsource-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-devel-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-doc-0:3.26.0-6.el8.noarch", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-libs-debuginfo-0:3.26.0-6.el8.x86_64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.aarch64", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.i686", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.ppc64le", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.s390x", "BaseOS-8.2.0.GA:sqlite-tcl-debuginfo-0:3.26.0-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded \u0027\\0\u0027 characters in filenames" } ] }
rhsa-2019_4238
Vulnerability from csaf_redhat
Published
2019-12-16 09:09
Modified
2024-11-15 04:13
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 79.0.3945.79.
Security Fix(es):
* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)
* chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726)
* chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727)
* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)
* chromium-browser: Use after free in WebSockets (CVE-2019-13729)
* chromium-browser: Type Confusion in V8 (CVE-2019-13730)
* chromium-browser: Use after free in WebAudio (CVE-2019-13732)
* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)
* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)
* chromium-browser: Type Confusion in V8 (CVE-2019-13764)
* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)
* chromium-browser: Insufficient policy enforcement in autocomplete (CVE-2019-13737)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)
* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)
* chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743)
* chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744)
* chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746)
* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)
* chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)
* chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750)
* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)
* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)
* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755)
* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758)
* chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)
* chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762)
* chromium-browser: Insufficient policy enforcement in payments (CVE-2019-13763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 79.0.3945.79.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)\n\n* chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726)\n\n* chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)\n\n* chromium-browser: Use after free in WebSockets (CVE-2019-13729)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13730)\n\n* chromium-browser: Use after free in WebAudio (CVE-2019-13732)\n\n* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13764)\n\n* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)\n\n* chromium-browser: Insufficient policy enforcement in autocomplete (CVE-2019-13737)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)\n\n* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)\n\n* chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743)\n\n* chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744)\n\n* chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745)\n\n* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746)\n\n* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)\n\n* chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)\n\n* chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750)\n\n* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755)\n\n* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758)\n\n* chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)\n\n* chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762)\n\n* chromium-browser: Insufficient policy enforcement in payments (CVE-2019-13763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:4238", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "1781973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781973" }, { "category": "external", "summary": "1781974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781974" }, { "category": "external", "summary": "1781975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781975" }, { "category": "external", "summary": "1781976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781976" }, { "category": "external", "summary": "1781977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781977" }, { "category": "external", "summary": "1781978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781978" }, { "category": "external", "summary": "1781979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781979" }, { "category": "external", "summary": "1781980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980" }, { "category": "external", "summary": "1781981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781981" }, { "category": "external", "summary": "1781982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781982" }, { "category": "external", "summary": "1781983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781983" }, { "category": "external", "summary": "1781984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781984" }, { "category": "external", "summary": "1781985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781985" }, { "category": "external", "summary": "1781986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781986" }, { "category": "external", "summary": "1781987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781987" }, { "category": "external", "summary": "1781988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781988" }, { "category": "external", "summary": "1781989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781989" }, { "category": "external", "summary": "1781990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781990" }, { "category": "external", "summary": "1781991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781991" }, { "category": "external", "summary": "1781992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781992" }, { "category": "external", "summary": "1781993", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781993" }, { "category": "external", "summary": "1781994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781994" }, { "category": "external", "summary": "1781995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781995" }, { "category": "external", "summary": "1781997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781997" }, { "category": "external", "summary": "1781998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781998" }, { "category": "external", "summary": "1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "1782001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782001" }, { "category": "external", "summary": "1782002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782002" }, { "category": "external", "summary": "1782003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782003" }, { "category": "external", "summary": "1782004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782004" }, { "category": "external", "summary": "1782005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782005" }, { "category": "external", "summary": "1782006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782006" }, { "category": "external", "summary": "1782007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782007" }, { "category": "external", "summary": "1782008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782008" }, { "category": "external", "summary": "1782017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782017" }, { "category": "external", "summary": "1782021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782021" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4238.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-15T04:13:35+00:00", "generator": { "date": "2024-11-15T04:13:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:4238", "initial_release_date": "2019-12-16T09:09:31+00:00", "revision_history": [ { "date": "2019-12-16T09:09:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-16T09:09:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:13:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product_id": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@79.0.3945.79-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@79.0.3945.79-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product_id": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@79.0.3945.79-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@79.0.3945.79-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-13725", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781973" } ], "notes": [ { "category": "description", "text": "Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in Bluetooth", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13725" }, { "category": "external", "summary": "RHBZ#1781973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781973" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13725" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "chromium-browser: Use after free in Bluetooth" }, { "cve": "CVE-2019-13726", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781974" } ], "notes": [ { "category": "description", "text": "Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap buffer overflow in password manager", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13726" }, { "category": "external", "summary": "RHBZ#1781974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781974" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13726", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13726" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "chromium-browser: Heap buffer overflow in password manager" }, { "cve": "CVE-2019-13727", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781975" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in WebSockets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13727" }, { "category": "external", "summary": "RHBZ#1781975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781975" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13727", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13727" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Insufficient policy enforcement in WebSockets" }, { "cve": "CVE-2019-13728", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781976" } ], "notes": [ { "category": "description", "text": "Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13728" }, { "category": "external", "summary": "RHBZ#1781976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13728", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13728" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in V8" }, { "cve": "CVE-2019-13729", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781977" } ], "notes": [ { "category": "description", "text": "Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebSockets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13729" }, { "category": "external", "summary": "RHBZ#1781977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781977" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13729" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13729", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13729" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebSockets" }, { "cve": "CVE-2019-13730", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781978" } ], "notes": [ { "category": "description", "text": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type Confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13730" }, { "category": "external", "summary": "RHBZ#1781978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13730", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13730" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13730", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13730" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type Confusion in V8" }, { "cve": "CVE-2019-13732", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781979" } ], "notes": [ { "category": "description", "text": "Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13732" }, { "category": "external", "summary": "RHBZ#1781979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781979" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13732", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13732" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebAudio" }, { "cve": "CVE-2019-13734", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781980" } ], "notes": [ { "category": "description", "text": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve shadow table corruption detection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13734" }, { "category": "external", "summary": "RHBZ#1781980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13734", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sqlite: fts3: improve shadow table corruption detection" }, { "cve": "CVE-2019-13735", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781981" } ], "notes": [ { "category": "description", "text": "Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13735" }, { "category": "external", "summary": "RHBZ#1781981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13735", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13735" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13735", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13735" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in V8" }, { "cve": "CVE-2019-13736", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781983" } ], "notes": [ { "category": "description", "text": "Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Integer overflow in PDFium", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13736" }, { "category": "external", "summary": "RHBZ#1781983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781983" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13736", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13736" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Integer overflow in PDFium" }, { "cve": "CVE-2019-13737", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781984" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in autocomplete", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13737" }, { "category": "external", "summary": "RHBZ#1781984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781984" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13737", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13737" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in autocomplete" }, { "cve": "CVE-2019-13738", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781985" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13738" }, { "category": "external", "summary": "RHBZ#1781985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781985" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13738", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13738" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13738", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13738" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in navigation" }, { "cve": "CVE-2019-13739", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781986" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13739" }, { "category": "external", "summary": "RHBZ#1781986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781986" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13739", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13739" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13739", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13739" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13740", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781987" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in sharing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13740" }, { "category": "external", "summary": "RHBZ#1781987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781987" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13740" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in sharing" }, { "cve": "CVE-2019-13741", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781988" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13741" }, { "category": "external", "summary": "RHBZ#1781988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781988" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13741", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13741" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13741", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13741" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Blink" }, { "cve": "CVE-2019-13742", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781989" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13742" }, { "category": "external", "summary": "RHBZ#1781989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781989" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13742", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13742", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13742" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13743", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781990" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in external protocol handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13743" }, { "category": "external", "summary": "RHBZ#1781990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781990" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13743", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13743" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13743", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13743" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in external protocol handling" }, { "cve": "CVE-2019-13744", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782021" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13744" }, { "category": "external", "summary": "RHBZ#1782021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13744", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13744" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in cookies" }, { "cve": "CVE-2019-13745", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781991" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in audio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13745" }, { "category": "external", "summary": "RHBZ#1781991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781991" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13745", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13745" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in audio" }, { "cve": "CVE-2019-13746", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781992" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13746" }, { "category": "external", "summary": "RHBZ#1781992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781992" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13746" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in Omnibox" }, { "cve": "CVE-2019-13747", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781993" } ], "notes": [ { "category": "description", "text": "Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Uninitialized Use in rendering", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13747" }, { "category": "external", "summary": "RHBZ#1781993", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781993" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13747", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13747" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13747", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13747" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Uninitialized Use in rendering" }, { "cve": "CVE-2019-13748", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781994" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in developer tools", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13748" }, { "category": "external", "summary": "RHBZ#1781994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13748", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13748" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in developer tools" }, { "cve": "CVE-2019-13749", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781995" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13749" }, { "category": "external", "summary": "RHBZ#1781995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781995" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13749", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13749" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13750", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781997" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: dropping of shadow tables not restricted in defensive mode", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13750" }, { "category": "external", "summary": "RHBZ#1781997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781997" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13750", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13750" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: dropping of shadow tables not restricted in defensive mode" }, { "cve": "CVE-2019-13751", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781998" } ], "notes": [ { "category": "description", "text": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve detection of corrupted records", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13751" }, { "category": "external", "summary": "RHBZ#1781998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13751", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13751" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: improve detection of corrupted records" }, { "cve": "CVE-2019-13752", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781999" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve shadow table corruption detection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13752" }, { "category": "external", "summary": "RHBZ#1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: improve shadow table corruption detection" }, { "cve": "CVE-2019-13753", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782000" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: incorrectly removed corruption check", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13753" }, { "category": "external", "summary": "RHBZ#1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13753", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13753" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: incorrectly removed corruption check" }, { "cve": "CVE-2019-13754", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782001" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13754" }, { "category": "external", "summary": "RHBZ#1782001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13754", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13754" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13754", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13754" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in extensions" }, { "cve": "CVE-2019-13755", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782002" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13755" }, { "category": "external", "summary": "RHBZ#1782002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782002" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13755", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13755" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13755", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13755" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in extensions" }, { "cve": "CVE-2019-13756", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782003" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in printing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13756" }, { "category": "external", "summary": "RHBZ#1782003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13756", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13756" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13756", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13756" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in printing" }, { "cve": "CVE-2019-13757", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782004" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13757" }, { "category": "external", "summary": "RHBZ#1782004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13757", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13757" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13758", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782017" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13758" }, { "category": "external", "summary": "RHBZ#1782017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13758", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13758" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in navigation" }, { "cve": "CVE-2019-13759", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782005" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in interstitials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13759" }, { "category": "external", "summary": "RHBZ#1782005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782005" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13759", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13759" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in interstitials" }, { "cve": "CVE-2019-13761", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782006" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13761" }, { "category": "external", "summary": "RHBZ#1782006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13761", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13761" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13762", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782007" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in downloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13762" }, { "category": "external", "summary": "RHBZ#1782007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13762", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13762" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in downloads" }, { "cve": "CVE-2019-13763", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782008" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in payments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13763" }, { "category": "external", "summary": "RHBZ#1782008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13763", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13763" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13763", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13763" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in payments" }, { "cve": "CVE-2019-13764", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781982" } ], "notes": [ { "category": "description", "text": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type Confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13764" }, { "category": "external", "summary": "RHBZ#1781982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781982" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13764", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13764" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type Confusion in V8" } ] }
gsd-2019-13753
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-13753", "description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "id": "GSD-2019-13753", "references": [ "https://www.suse.com/security/cve/CVE-2019-13753.html", "https://www.debian.org/security/2020/dsa-4606", "https://access.redhat.com/errata/RHSA-2020:1810", "https://access.redhat.com/errata/RHSA-2019:4238", "https://ubuntu.com/security/CVE-2019-13753", "https://advisories.mageia.org/CVE-2019-13753.html", "https://security.archlinux.org/CVE-2019-13753", "https://linux.oracle.com/cve/CVE-2019-13753.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-13753" ], "details": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "id": "GSD-2019-13753", "modified": "2023-12-13T01:23:41.352791Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "79.0.3945.79" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/1025471", "refsource": "MISC", "url": "https://crbug.com/1025471" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "USN-4298-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4298-1/" }, { "name": "USN-4298-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4298-2/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "79.0.3945.79", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13753" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/1025471", "refsource": "MISC", "tags": [ "Permissions Required" ], "url": "https://crbug.com/1025471" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "USN-4298-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4298-1/" }, { "name": "USN-4298-2", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4298-2/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2023-02-10T18:52Z", "publishedDate": "2019-12-10T22:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.