summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-202309-17.xml
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-202309-17.xml')
-rw-r--r--metadata/glsa/glsa-202309-17.xml152
1 files changed, 152 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202309-17.xml b/metadata/glsa/glsa-202309-17.xml
new file mode 100644
index 000000000000..d19efa9eb3d2
--- /dev/null
+++ b/metadata/glsa/glsa-202309-17.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-17">
+ <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
+ <announced>2023-09-30</announced>
+ <revised count="1">2023-09-30</revised>
+ <bug>893660</bug>
+ <bug>904252</bug>
+ <bug>904394</bug>
+ <bug>904560</bug>
+ <bug>905297</bug>
+ <bug>905620</bug>
+ <bug>905883</bug>
+ <bug>906586</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">113.0.5672.126</unaffected>
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/chromium-bin" auto="yes" arch="*">
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">113.0.5672.126</unaffected>
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">113.0.1774.50</unaffected>
+ <vulnerable range="lt">113.0.1774.50</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
+
+Google Chrome is one fast, simple, and secure browser for all your devices.
+
+Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"
+ </code>
+
+ <p>Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives:</p>
+
+ <code>
+ # emerge --ask --depclean --verbose "www-client/chromium-bin"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0696">CVE-2023-0696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0697">CVE-2023-0697</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0698">CVE-2023-0698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0699">CVE-2023-0699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0700">CVE-2023-0700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0701">CVE-2023-0701</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0702">CVE-2023-0702</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0703">CVE-2023-0703</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0704">CVE-2023-0704</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0705">CVE-2023-0705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0927">CVE-2023-0927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0928">CVE-2023-0928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0929">CVE-2023-0929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0930">CVE-2023-0930</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0931">CVE-2023-0931</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0932">CVE-2023-0932</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0933">CVE-2023-0933</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0941">CVE-2023-0941</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1528">CVE-2023-1528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1529">CVE-2023-1529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1530">CVE-2023-1530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1531">CVE-2023-1531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1532">CVE-2023-1532</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1533">CVE-2023-1533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1534">CVE-2023-1534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1810">CVE-2023-1810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1811">CVE-2023-1811</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1812">CVE-2023-1812</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1813">CVE-2023-1813</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1814">CVE-2023-1814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1815">CVE-2023-1815</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1816">CVE-2023-1816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1817">CVE-2023-1817</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1818">CVE-2023-1818</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1819">CVE-2023-1819</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1820">CVE-2023-1820</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1821">CVE-2023-1821</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1822">CVE-2023-1822</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1823">CVE-2023-1823</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2033">CVE-2023-2033</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2133">CVE-2023-2133</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2134">CVE-2023-2134</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2135">CVE-2023-2135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2136">CVE-2023-2136</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2137">CVE-2023-2137</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2459">CVE-2023-2459</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2460">CVE-2023-2460</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2461">CVE-2023-2461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2462">CVE-2023-2462</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2463">CVE-2023-2463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2464">CVE-2023-2464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2465">CVE-2023-2465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2466">CVE-2023-2466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2467">CVE-2023-2467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2468">CVE-2023-2468</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2721">CVE-2023-2721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2722">CVE-2023-2722</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2723">CVE-2023-2723</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2724">CVE-2023-2724</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2725">CVE-2023-2725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2726">CVE-2023-2726</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21720">CVE-2023-21720</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21794">CVE-2023-21794</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23374">CVE-2023-23374</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28261">CVE-2023-28261</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28286">CVE-2023-28286</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29334">CVE-2023-29334</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29350">CVE-2023-29350</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29354">CVE-2023-29354</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-30T08:56:23.910135Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-30T08:56:23.912398Z">graaff</metadata>
+</glsa> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 04:58:54 +0000