ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0322
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0322)
Resumen:	The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2023-0322 advisory.
Descripción:	Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2023-0322 advisory. Vulnerability Insight: The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105, some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30 High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31 High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04 Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22 Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18 Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10 Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22 Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01 Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13 Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17 Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18 Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24 Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13 Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-5480 Debian Security Information: DSA-5546 (Google Search) https://www.debian.org/security/2023/dsa-5546 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/ https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1492698 Common Vulnerability Exposure (CVE) ID: CVE-2023-5482 https://crbug.com/1492381 Common Vulnerability Exposure (CVE) ID: CVE-2023-5849 https://crbug.com/1492384 Common Vulnerability Exposure (CVE) ID: CVE-2023-5850 https://crbug.com/1281972 Common Vulnerability Exposure (CVE) ID: CVE-2023-5851 https://crbug.com/1473957 Common Vulnerability Exposure (CVE) ID: CVE-2023-5852 https://crbug.com/1480852 Common Vulnerability Exposure (CVE) ID: CVE-2023-5853 https://crbug.com/1456876 Common Vulnerability Exposure (CVE) ID: CVE-2023-5854 https://crbug.com/1488267 Common Vulnerability Exposure (CVE) ID: CVE-2023-5855 https://crbug.com/1492396 Common Vulnerability Exposure (CVE) ID: CVE-2023-5856 https://crbug.com/1493380 Common Vulnerability Exposure (CVE) ID: CVE-2023-5857 https://crbug.com/1493435 Common Vulnerability Exposure (CVE) ID: CVE-2023-5858 https://crbug.com/1457704 Common Vulnerability Exposure (CVE) ID: CVE-2023-5996 Debian Security Information: DSA-5551 (Google Search) https://www.debian.org/security/2023/dsa-5551 https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html https://crbug.com/1497859 Common Vulnerability Exposure (CVE) ID: CVE-2023-5997 Debian Security Information: DSA-5556 (Google Search) https://www.debian.org/security/2023/dsa-5556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/ https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html https://crbug.com/1497997 Common Vulnerability Exposure (CVE) ID: CVE-2023-6112 http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html https://crbug.com/1499298
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.