Gentoo Linux Security Advisory 202309-17

Gentoo Linux Security Advisory 202309-17: Posted Oct 2, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2023-0696, CVE-2023-0697, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704, CVE-2023-0705, CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE-2023-0930; SHA-256 | 405a8ef4f4fdb4b2e5acdfa683735dd378fbfb67d3534ee2331748e62162fc10; Download | Favorite | View

Gentoo Linux Security Advisory 202309-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202309-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
     Date: September 30, 2023
     Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586
       ID: 202309-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 113.0.5672.126  >= 113.0.5672.126
www-client/chromium-bin    < 113.0.5672.126  Vulnerable!
www-client/google-chrome   < 113.0.5672.126  >= 113.0.5672.126
www-client/microsoft-edge  < 113.0.1774.50   >= 113.0.1774.50

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"

Gentoo has discontinued support for www-client/chromium-bin. Users
should unmerge it in favor of the above alternatives:

  # emerge --ask --depclean --verbose "www-client/chromium-bin"

References
==========

[ 1 ] CVE-2023-0696
      https://nvd.nist.gov/vuln/detail/CVE-2023-0696
[ 2 ] CVE-2023-0697
      https://nvd.nist.gov/vuln/detail/CVE-2023-0697
[ 3 ] CVE-2023-0698
      https://nvd.nist.gov/vuln/detail/CVE-2023-0698
[ 4 ] CVE-2023-0699
      https://nvd.nist.gov/vuln/detail/CVE-2023-0699
[ 5 ] CVE-2023-0700
      https://nvd.nist.gov/vuln/detail/CVE-2023-0700
[ 6 ] CVE-2023-0701
      https://nvd.nist.gov/vuln/detail/CVE-2023-0701
[ 7 ] CVE-2023-0702
      https://nvd.nist.gov/vuln/detail/CVE-2023-0702
[ 8 ] CVE-2023-0703
      https://nvd.nist.gov/vuln/detail/CVE-2023-0703
[ 9 ] CVE-2023-0704
      https://nvd.nist.gov/vuln/detail/CVE-2023-0704
[ 10 ] CVE-2023-0705
      https://nvd.nist.gov/vuln/detail/CVE-2023-0705
[ 11 ] CVE-2023-0927
      https://nvd.nist.gov/vuln/detail/CVE-2023-0927
[ 12 ] CVE-2023-0928
      https://nvd.nist.gov/vuln/detail/CVE-2023-0928
[ 13 ] CVE-2023-0929
      https://nvd.nist.gov/vuln/detail/CVE-2023-0929
[ 14 ] CVE-2023-0930
      https://nvd.nist.gov/vuln/detail/CVE-2023-0930
[ 15 ] CVE-2023-0931
      https://nvd.nist.gov/vuln/detail/CVE-2023-0931
[ 16 ] CVE-2023-0932
      https://nvd.nist.gov/vuln/detail/CVE-2023-0932
[ 17 ] CVE-2023-0933
      https://nvd.nist.gov/vuln/detail/CVE-2023-0933
[ 18 ] CVE-2023-0941
      https://nvd.nist.gov/vuln/detail/CVE-2023-0941
[ 19 ] CVE-2023-1528
      https://nvd.nist.gov/vuln/detail/CVE-2023-1528
[ 20 ] CVE-2023-1529
      https://nvd.nist.gov/vuln/detail/CVE-2023-1529
[ 21 ] CVE-2023-1530
      https://nvd.nist.gov/vuln/detail/CVE-2023-1530
[ 22 ] CVE-2023-1531
      https://nvd.nist.gov/vuln/detail/CVE-2023-1531
[ 23 ] CVE-2023-1532
      https://nvd.nist.gov/vuln/detail/CVE-2023-1532
[ 24 ] CVE-2023-1533
      https://nvd.nist.gov/vuln/detail/CVE-2023-1533
[ 25 ] CVE-2023-1534
      https://nvd.nist.gov/vuln/detail/CVE-2023-1534
[ 26 ] CVE-2023-1810
      https://nvd.nist.gov/vuln/detail/CVE-2023-1810
[ 27 ] CVE-2023-1811
      https://nvd.nist.gov/vuln/detail/CVE-2023-1811
[ 28 ] CVE-2023-1812
      https://nvd.nist.gov/vuln/detail/CVE-2023-1812
[ 29 ] CVE-2023-1813
      https://nvd.nist.gov/vuln/detail/CVE-2023-1813
[ 30 ] CVE-2023-1814
      https://nvd.nist.gov/vuln/detail/CVE-2023-1814
[ 31 ] CVE-2023-1815
      https://nvd.nist.gov/vuln/detail/CVE-2023-1815
[ 32 ] CVE-2023-1816
      https://nvd.nist.gov/vuln/detail/CVE-2023-1816
[ 33 ] CVE-2023-1817
      https://nvd.nist.gov/vuln/detail/CVE-2023-1817
[ 34 ] CVE-2023-1818
      https://nvd.nist.gov/vuln/detail/CVE-2023-1818
[ 35 ] CVE-2023-1819
      https://nvd.nist.gov/vuln/detail/CVE-2023-1819
[ 36 ] CVE-2023-1820
      https://nvd.nist.gov/vuln/detail/CVE-2023-1820
[ 37 ] CVE-2023-1821
      https://nvd.nist.gov/vuln/detail/CVE-2023-1821
[ 38 ] CVE-2023-1822
      https://nvd.nist.gov/vuln/detail/CVE-2023-1822
[ 39 ] CVE-2023-1823
      https://nvd.nist.gov/vuln/detail/CVE-2023-1823
[ 40 ] CVE-2023-2033
      https://nvd.nist.gov/vuln/detail/CVE-2023-2033
[ 41 ] CVE-2023-2133
      https://nvd.nist.gov/vuln/detail/CVE-2023-2133
[ 42 ] CVE-2023-2134
      https://nvd.nist.gov/vuln/detail/CVE-2023-2134
[ 43 ] CVE-2023-2135
      https://nvd.nist.gov/vuln/detail/CVE-2023-2135
[ 44 ] CVE-2023-2136
      https://nvd.nist.gov/vuln/detail/CVE-2023-2136
[ 45 ] CVE-2023-2137
      https://nvd.nist.gov/vuln/detail/CVE-2023-2137
[ 46 ] CVE-2023-2459
      https://nvd.nist.gov/vuln/detail/CVE-2023-2459
[ 47 ] CVE-2023-2460
      https://nvd.nist.gov/vuln/detail/CVE-2023-2460
[ 48 ] CVE-2023-2461
      https://nvd.nist.gov/vuln/detail/CVE-2023-2461
[ 49 ] CVE-2023-2462
      https://nvd.nist.gov/vuln/detail/CVE-2023-2462
[ 50 ] CVE-2023-2463
      https://nvd.nist.gov/vuln/detail/CVE-2023-2463
[ 51 ] CVE-2023-2464
      https://nvd.nist.gov/vuln/detail/CVE-2023-2464
[ 52 ] CVE-2023-2465
      https://nvd.nist.gov/vuln/detail/CVE-2023-2465
[ 53 ] CVE-2023-2466
      https://nvd.nist.gov/vuln/detail/CVE-2023-2466
[ 54 ] CVE-2023-2467
      https://nvd.nist.gov/vuln/detail/CVE-2023-2467
[ 55 ] CVE-2023-2468
      https://nvd.nist.gov/vuln/detail/CVE-2023-2468
[ 56 ] CVE-2023-2721
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721
[ 57 ] CVE-2023-2722
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722
[ 58 ] CVE-2023-2723
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723
[ 59 ] CVE-2023-2724
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724
[ 60 ] CVE-2023-2725
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725
[ 61 ] CVE-2023-2726
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726
[ 62 ] CVE-2023-21720
      https://nvd.nist.gov/vuln/detail/CVE-2023-21720
[ 63 ] CVE-2023-21794
      https://nvd.nist.gov/vuln/detail/CVE-2023-21794
[ 64 ] CVE-2023-23374
      https://nvd.nist.gov/vuln/detail/CVE-2023-23374
[ 65 ] CVE-2023-28261
      https://nvd.nist.gov/vuln/detail/CVE-2023-28261
[ 66 ] CVE-2023-28286
      https://nvd.nist.gov/vuln/detail/CVE-2023-28286
[ 67 ] CVE-2023-29334
      https://nvd.nist.gov/vuln/detail/CVE-2023-29334
[ 68 ] CVE-2023-29350
      https://nvd.nist.gov/vuln/detail/CVE-2023-29350
[ 69 ] CVE-2023-29354
      https://nvd.nist.gov/vuln/detail/CVE-2023-29354

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Gentoo Linux Security Advisory 202309-17

Gentoo Linux Security Advisory 202309-17

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 202309-17

Share This

Gentoo Linux Security Advisory 202309-17

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems