Details of VAR-202011-0444

ID

VAR-202011-0444

CVE

CVE-2020-15969

TITLE

Red Hat Security Advisory 2020-4317-01

Trust: 0.1

sources: PACKETSTORM: 159686

DESCRIPTION

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome is a web browser developed by Google (Google). Chrome has security holes. 8.0) - aarch64, ppc64le, s390x, x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Qt WebEngine: Multiple vulnerabilities Date: January 26, 2021 Bugs: #734600, #754852 ID: 202101-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code. Background ========= Library for rendering dynamic web content in Qt5 C++ and QML applications. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-qt/qtwebengine < 5.15.2 >= 5.15.2 Description ========== Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Qt WebEngine users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-qt/qtwebengine-5.15.2" References ========= [ 1 ] CVE-2020-15959 https://nvd.nist.gov/vuln/detail/CVE-2020-15959 [ 2 ] CVE-2020-15959 https://nvd.nist.gov/vuln/detail/CVE-2020-15959 [ 3 ] CVE-2020-15960 https://nvd.nist.gov/vuln/detail/CVE-2020-15960 [ 4 ] CVE-2020-15960 https://nvd.nist.gov/vuln/detail/CVE-2020-15960 [ 5 ] CVE-2020-15961 https://nvd.nist.gov/vuln/detail/CVE-2020-15961 [ 6 ] CVE-2020-15961 https://nvd.nist.gov/vuln/detail/CVE-2020-15961 [ 7 ] CVE-2020-15962 https://nvd.nist.gov/vuln/detail/CVE-2020-15962 [ 8 ] CVE-2020-15962 https://nvd.nist.gov/vuln/detail/CVE-2020-15962 [ 9 ] CVE-2020-15963 https://nvd.nist.gov/vuln/detail/CVE-2020-15963 [ 10 ] CVE-2020-15963 https://nvd.nist.gov/vuln/detail/CVE-2020-15963 [ 11 ] CVE-2020-15964 https://nvd.nist.gov/vuln/detail/CVE-2020-15964 [ 12 ] CVE-2020-15964 https://nvd.nist.gov/vuln/detail/CVE-2020-15964 [ 13 ] CVE-2020-15965 https://nvd.nist.gov/vuln/detail/CVE-2020-15965 [ 14 ] CVE-2020-15965 https://nvd.nist.gov/vuln/detail/CVE-2020-15965 [ 15 ] CVE-2020-15966 https://nvd.nist.gov/vuln/detail/CVE-2020-15966 [ 16 ] CVE-2020-15966 https://nvd.nist.gov/vuln/detail/CVE-2020-15966 [ 17 ] CVE-2020-15968 https://nvd.nist.gov/vuln/detail/CVE-2020-15968 [ 18 ] CVE-2020-15968 https://nvd.nist.gov/vuln/detail/CVE-2020-15968 [ 19 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 20 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 21 ] CVE-2020-15972 https://nvd.nist.gov/vuln/detail/CVE-2020-15972 [ 22 ] CVE-2020-15972 https://nvd.nist.gov/vuln/detail/CVE-2020-15972 [ 23 ] CVE-2020-15974 https://nvd.nist.gov/vuln/detail/CVE-2020-15974 [ 24 ] CVE-2020-15974 https://nvd.nist.gov/vuln/detail/CVE-2020-15974 [ 25 ] CVE-2020-15976 https://nvd.nist.gov/vuln/detail/CVE-2020-15976 [ 26 ] CVE-2020-15976 https://nvd.nist.gov/vuln/detail/CVE-2020-15976 [ 27 ] CVE-2020-15977 https://nvd.nist.gov/vuln/detail/CVE-2020-15977 [ 28 ] CVE-2020-15977 https://nvd.nist.gov/vuln/detail/CVE-2020-15977 [ 29 ] CVE-2020-15978 https://nvd.nist.gov/vuln/detail/CVE-2020-15978 [ 30 ] CVE-2020-15978 https://nvd.nist.gov/vuln/detail/CVE-2020-15978 [ 31 ] CVE-2020-15979 https://nvd.nist.gov/vuln/detail/CVE-2020-15979 [ 32 ] CVE-2020-15979 https://nvd.nist.gov/vuln/detail/CVE-2020-15979 [ 33 ] CVE-2020-15985 https://nvd.nist.gov/vuln/detail/CVE-2020-15985 [ 34 ] CVE-2020-15985 https://nvd.nist.gov/vuln/detail/CVE-2020-15985 [ 35 ] CVE-2020-15987 https://nvd.nist.gov/vuln/detail/CVE-2020-15987 [ 36 ] CVE-2020-15987 https://nvd.nist.gov/vuln/detail/CVE-2020-15987 [ 37 ] CVE-2020-15989 https://nvd.nist.gov/vuln/detail/CVE-2020-15989 [ 38 ] CVE-2020-15989 https://nvd.nist.gov/vuln/detail/CVE-2020-15989 [ 39 ] CVE-2020-15992 https://nvd.nist.gov/vuln/detail/CVE-2020-15992 [ 40 ] CVE-2020-15992 https://nvd.nist.gov/vuln/detail/CVE-2020-15992 [ 41 ] CVE-2020-16001 https://nvd.nist.gov/vuln/detail/CVE-2020-16001 [ 42 ] CVE-2020-16001 https://nvd.nist.gov/vuln/detail/CVE-2020-16001 [ 43 ] CVE-2020-16002 https://nvd.nist.gov/vuln/detail/CVE-2020-16002 [ 44 ] CVE-2020-16002 https://nvd.nist.gov/vuln/detail/CVE-2020-16002 [ 45 ] CVE-2020-16003 https://nvd.nist.gov/vuln/detail/CVE-2020-16003 [ 46 ] CVE-2020-16003 https://nvd.nist.gov/vuln/detail/CVE-2020-16003 [ 47 ] CVE-2020-6467 https://nvd.nist.gov/vuln/detail/CVE-2020-6467 [ 48 ] CVE-2020-6467 https://nvd.nist.gov/vuln/detail/CVE-2020-6467 [ 49 ] CVE-2020-6470 https://nvd.nist.gov/vuln/detail/CVE-2020-6470 [ 50 ] CVE-2020-6470 https://nvd.nist.gov/vuln/detail/CVE-2020-6470 [ 51 ] CVE-2020-6471 https://nvd.nist.gov/vuln/detail/CVE-2020-6471 [ 52 ] CVE-2020-6471 https://nvd.nist.gov/vuln/detail/CVE-2020-6471 [ 53 ] CVE-2020-6472 https://nvd.nist.gov/vuln/detail/CVE-2020-6472 [ 54 ] CVE-2020-6473 https://nvd.nist.gov/vuln/detail/CVE-2020-6473 [ 55 ] CVE-2020-6474 https://nvd.nist.gov/vuln/detail/CVE-2020-6474 [ 56 ] CVE-2020-6475 https://nvd.nist.gov/vuln/detail/CVE-2020-6475 [ 57 ] CVE-2020-6476 https://nvd.nist.gov/vuln/detail/CVE-2020-6476 [ 58 ] CVE-2020-6480 https://nvd.nist.gov/vuln/detail/CVE-2020-6480 [ 59 ] CVE-2020-6481 https://nvd.nist.gov/vuln/detail/CVE-2020-6481 [ 60 ] CVE-2020-6482 https://nvd.nist.gov/vuln/detail/CVE-2020-6482 [ 61 ] CVE-2020-6483 https://nvd.nist.gov/vuln/detail/CVE-2020-6483 [ 62 ] CVE-2020-6486 https://nvd.nist.gov/vuln/detail/CVE-2020-6486 [ 63 ] CVE-2020-6487 https://nvd.nist.gov/vuln/detail/CVE-2020-6487 [ 64 ] CVE-2020-6489 https://nvd.nist.gov/vuln/detail/CVE-2020-6489 [ 65 ] CVE-2020-6490 https://nvd.nist.gov/vuln/detail/CVE-2020-6490 [ 66 ] CVE-2020-6506 https://nvd.nist.gov/vuln/detail/CVE-2020-6506 [ 67 ] CVE-2020-6510 https://nvd.nist.gov/vuln/detail/CVE-2020-6510 [ 68 ] CVE-2020-6511 https://nvd.nist.gov/vuln/detail/CVE-2020-6511 [ 69 ] CVE-2020-6512 https://nvd.nist.gov/vuln/detail/CVE-2020-6512 [ 70 ] CVE-2020-6513 https://nvd.nist.gov/vuln/detail/CVE-2020-6513 [ 71 ] CVE-2020-6514 https://nvd.nist.gov/vuln/detail/CVE-2020-6514 [ 72 ] CVE-2020-6518 https://nvd.nist.gov/vuln/detail/CVE-2020-6518 [ 73 ] CVE-2020-6523 https://nvd.nist.gov/vuln/detail/CVE-2020-6523 [ 74 ] CVE-2020-6524 https://nvd.nist.gov/vuln/detail/CVE-2020-6524 [ 75 ] CVE-2020-6526 https://nvd.nist.gov/vuln/detail/CVE-2020-6526 [ 76 ] CVE-2020-6529 https://nvd.nist.gov/vuln/detail/CVE-2020-6529 [ 77 ] CVE-2020-6530 https://nvd.nist.gov/vuln/detail/CVE-2020-6530 [ 78 ] CVE-2020-6531 https://nvd.nist.gov/vuln/detail/CVE-2020-6531 [ 79 ] CVE-2020-6532 https://nvd.nist.gov/vuln/detail/CVE-2020-6532 [ 80 ] CVE-2020-6533 https://nvd.nist.gov/vuln/detail/CVE-2020-6533 [ 81 ] CVE-2020-6534 https://nvd.nist.gov/vuln/detail/CVE-2020-6534 [ 82 ] CVE-2020-6535 https://nvd.nist.gov/vuln/detail/CVE-2020-6535 [ 83 ] CVE-2020-6540 https://nvd.nist.gov/vuln/detail/CVE-2020-6540 [ 84 ] CVE-2020-6541 https://nvd.nist.gov/vuln/detail/CVE-2020-6541 [ 85 ] CVE-2020-6542 https://nvd.nist.gov/vuln/detail/CVE-2020-6542 [ 86 ] CVE-2020-6543 https://nvd.nist.gov/vuln/detail/CVE-2020-6543 [ 87 ] CVE-2020-6544 https://nvd.nist.gov/vuln/detail/CVE-2020-6544 [ 88 ] CVE-2020-6545 https://nvd.nist.gov/vuln/detail/CVE-2020-6545 [ 89 ] CVE-2020-6548 https://nvd.nist.gov/vuln/detail/CVE-2020-6548 [ 90 ] CVE-2020-6549 https://nvd.nist.gov/vuln/detail/CVE-2020-6549 [ 91 ] CVE-2020-6550 https://nvd.nist.gov/vuln/detail/CVE-2020-6550 [ 92 ] CVE-2020-6551 https://nvd.nist.gov/vuln/detail/CVE-2020-6551 [ 93 ] CVE-2020-6555 https://nvd.nist.gov/vuln/detail/CVE-2020-6555 [ 94 ] CVE-2020-6557 https://nvd.nist.gov/vuln/detail/CVE-2020-6557 [ 95 ] CVE-2020-6559 https://nvd.nist.gov/vuln/detail/CVE-2020-6559 [ 96 ] CVE-2020-6561 https://nvd.nist.gov/vuln/detail/CVE-2020-6561 [ 97 ] CVE-2020-6562 https://nvd.nist.gov/vuln/detail/CVE-2020-6562 [ 98 ] CVE-2020-6569 https://nvd.nist.gov/vuln/detail/CVE-2020-6569 [ 99 ] CVE-2020-6570 https://nvd.nist.gov/vuln/detail/CVE-2020-6570 [ 100 ] CVE-2020-6571 https://nvd.nist.gov/vuln/detail/CVE-2020-6571 [ 101 ] CVE-2020-6573 https://nvd.nist.gov/vuln/detail/CVE-2020-6573 [ 102 ] CVE-2020-6575 https://nvd.nist.gov/vuln/detail/CVE-2020-6575 [ 103 ] CVE-2020-6576 https://nvd.nist.gov/vuln/detail/CVE-2020-6576 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-30 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8) - aarch64, ppc64le, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: chromium-browser security update Advisory ID: RHSA-2020:4235-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2020:4235 Issue date: 2020-10-13 CVE Names: CVE-2020-6557 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 ==================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 86.0.4240.75. Security Fix(es): * chromium-browser: Use after free in payments (CVE-2020-15967) * chromium-browser: Use after free in Blink (CVE-2020-15968) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) * chromium-browser: Use after free in NFC (CVE-2020-15970) * chromium-browser: Use after free in printing (CVE-2020-15971) * chromium-browser: Use after free in audio (CVE-2020-15972) * chromium-browser: Use after free in autofill (CVE-2020-15990) * chromium-browser: Use after free in password manager (CVE-2020-15991) * chromium-browser: Inappropriate implementation in networking (CVE-2020-6557) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-15973) * chromium-browser: Integer overflow in Blink (CVE-2020-15974) * chromium-browser: Integer overflow in SwiftShader (CVE-2020-15975) * chromium-browser: Use after free in WebXR (CVE-2020-15976) * chromium-browser: Insufficient data validation in dialogs (CVE-2020-15977) * chromium-browser: Insufficient data validation in navigation (CVE-2020-15978) * chromium-browser: Inappropriate implementation in V8 (CVE-2020-15979) * chromium-browser: Insufficient policy enforcement in Intents (CVE-2020-15980) * chromium-browser: Out of bounds read in audio (CVE-2020-15981) * chromium-browser: Side-channel information leakage in cache (CVE-2020-15982) * chromium-browser: Insufficient data validation in webUI (CVE-2020-15983) * chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2020-15984) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-15985) * chromium-browser: Integer overflow in media (CVE-2020-15986) * chromium-browser: Use after free in WebRTC (CVE-2020-15987) * chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15992) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-15988) * chromium-browser: Uninitialized use in PDFium (CVE-2020-15989) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1885883 - CVE-2020-15967 chromium-browser: Use after free in payments 1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC 1885887 - CVE-2020-15971 chromium-browser: Use after free in printing 1885888 - CVE-2020-15972 chromium-browser: Use after free in audio 1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill 1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager 1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions 1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink 1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader 1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR 1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking 1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs 1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation 1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8 1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents 1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio 1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache 1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI 1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox 1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink 1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media 1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC 1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking 1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads 1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6557 https://access.redhat.com/security/cve/CVE-2020-15967 https://access.redhat.com/security/cve/CVE-2020-15968 https://access.redhat.com/security/cve/CVE-2020-15969 https://access.redhat.com/security/cve/CVE-2020-15970 https://access.redhat.com/security/cve/CVE-2020-15971 https://access.redhat.com/security/cve/CVE-2020-15972 https://access.redhat.com/security/cve/CVE-2020-15973 https://access.redhat.com/security/cve/CVE-2020-15974 https://access.redhat.com/security/cve/CVE-2020-15975 https://access.redhat.com/security/cve/CVE-2020-15976 https://access.redhat.com/security/cve/CVE-2020-15977 https://access.redhat.com/security/cve/CVE-2020-15978 https://access.redhat.com/security/cve/CVE-2020-15979 https://access.redhat.com/security/cve/CVE-2020-15980 https://access.redhat.com/security/cve/CVE-2020-15981 https://access.redhat.com/security/cve/CVE-2020-15982 https://access.redhat.com/security/cve/CVE-2020-15983 https://access.redhat.com/security/cve/CVE-2020-15984 https://access.redhat.com/security/cve/CVE-2020-15985 https://access.redhat.com/security/cve/CVE-2020-15986 https://access.redhat.com/security/cve/CVE-2020-15987 https://access.redhat.com/security/cve/CVE-2020-15988 https://access.redhat.com/security/cve/CVE-2020-15989 https://access.redhat.com/security/cve/CVE-2020-15990 https://access.redhat.com/security/cve/CVE-2020-15991 https://access.redhat.com/security/cve/CVE-2020-15992 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX4VjutzjgjWX9erEAQiBog/8D4EAnQmD6yqmkt9gVgCzoz1v/uOgnTHv lghXbEidNiTmb8DlvwZKbqA/2wz/kz+vW5v0bXZNjngYnbZsev252qT9L2LQ99UA +uirPF/zddn+T0tZ5PQHWBYpWgjF8XRQu7lJo7QHbB7GEMXJJ4SBN3erYqOjKKUo 3DakSX4DH1VIrSY+6kJ6fx26IwD7tWSBlsRklatxX1NkhrBg0Ha7lWjHhRV6WLjz CZFxwFNJJ6bGsf8eIaaps8Ab21m87BbwOyGt2aaFT9sC5noR4mTTjBGB4lmbslB3 Vcl7PSxqs/AzDK6fAqLOJ7nqZJpiQq9ii5Z3oBbiG3J8BO6sgY7cG+D2bVWD+3eV 9L13REiW/iPXqGbpgPre8WhAwg3wdNYDiaYO6pIC7N1a/btxIdq5Gjb31dWiFdyq XOtdEO9CieZGYNEoKf+wfe03SXCEvJz0EZZVwcFhqd8cF8xhUa2MNjpKDHryUjXg 8rJGA+5uS/UJHwToK++Q4+0Ze/jIxSuKRA7h9UhdACksgeMmFUdyfuLVfx1RdgEX TRtO8kHaGBHz60SY4Kd6xkZks1+FqotFF2zvs4gq8XvPFbHvPgt36qbtxOHYj1BF pl+WqaRsDOp6VmbMLAEJwZnRsR0dNN62MCgxB5sNRb5l7sSYOqYClV2zR47cEgFJ ObQiF6iTAHk=AItV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-5 watchOS 7.2 watchOS 7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212009. CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero Security Available for: Apple Watch Series 3 and later Impact: Unauthorized code execution may lead to an authentication policy violation Description: This issue was addressed with improved checks. CVE-2020-27951: Apple WebRTC Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-15969: an anonymous researcher Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". 8.1) - ppc64le, x86_64 3. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 6

Trust: 1.89

sources: NVD: CVE-2020-15969 // VULHUB: VHN-169000 // PACKETSTORM: 159686 // PACKETSTORM: 159679 // PACKETSTORM: 160542 // PACKETSTORM: 161131 // PACKETSTORM: 159888 // PACKETSTORM: 159536 // PACKETSTORM: 160540 // PACKETSTORM: 160543 // PACKETSTORM: 159909 // PACKETSTORM: 159893

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.2	Trust: 1.0
vendor:	opensuse	model:	backports sle	scope:	eq	version:	15.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.3	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.3	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	86.0.4240.75	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	14.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.3	Trust: 1.0

sources: NVD: CVE-2020-15969

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15969
value:	HIGH
Trust: 1.0
VULHUB:	VHN-169000
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-15969
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-169000
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-15969
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-169000 // NVD: CVE-2020-15969

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	CWE-787	Trust: 1.1

sources: VULHUB: VHN-169000 // NVD: CVE-2020-15969

TYPE

code execution

Trust: 0.3

sources: PACKETSTORM: 160542 // PACKETSTORM: 160540 // PACKETSTORM: 160543

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15969	Trust: 2.1
db:	PACKETSTORM	id:	159893	Trust: 0.2
db:	PACKETSTORM	id:	159909	Trust: 0.2
db:	PACKETSTORM	id:	160543	Trust: 0.2
db:	PACKETSTORM	id:	161131	Trust: 0.2
db:	PACKETSTORM	id:	159679	Trust: 0.2
db:	PACKETSTORM	id:	159536	Trust: 0.2
db:	PACKETSTORM	id:	160542	Trust: 0.2
db:	PACKETSTORM	id:	160540	Trust: 0.2
db:	PACKETSTORM	id:	159888	Trust: 0.2
db:	PACKETSTORM	id:	159686	Trust: 0.2
db:	PACKETSTORM	id:	159683	Trust: 0.1
db:	PACKETSTORM	id:	160538	Trust: 0.1
db:	PACKETSTORM	id:	159910	Trust: 0.1
db:	PACKETSTORM	id:	159695	Trust: 0.1
db:	PACKETSTORM	id:	159906	Trust: 0.1
db:	PACKETSTORM	id:	160536	Trust: 0.1
db:	PACKETSTORM	id:	159587	Trust: 0.1
db:	PACKETSTORM	id:	159907	Trust: 0.1
db:	PACKETSTORM	id:	159746	Trust: 0.1
db:	PACKETSTORM	id:	159682	Trust: 0.1
db:	VULHUB	id:	VHN-169000	Trust: 0.1

sources: VULHUB: VHN-169000 // PACKETSTORM: 159686 // PACKETSTORM: 159679 // PACKETSTORM: 160542 // PACKETSTORM: 161131 // PACKETSTORM: 159888 // PACKETSTORM: 159536 // PACKETSTORM: 160540 // PACKETSTORM: 160543 // PACKETSTORM: 159909 // PACKETSTORM: 159893 // NVD: CVE-2020-15969

REFERENCES

url:	https://security.gentoo.org/glsa/202101-30	Trust: 1.2
url:	https://support.apple.com/kb/ht212003	Trust: 1.1
url:	https://support.apple.com/kb/ht212005	Trust: 1.1
url:	https://support.apple.com/kb/ht212007	Trust: 1.1
url:	https://support.apple.com/kb/ht212009	Trust: 1.1
url:	https://support.apple.com/kb/ht212011	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-4824	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/24	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/26	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/27	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/29	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/30	Trust: 1.1
url:	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html	Trust: 1.1
url:	https://crbug.com/1124659	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15969	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/	Trust: 1.0
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-15969	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15683	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-15683	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27948	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27943	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27946	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29618	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29617	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29611	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29619	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27944	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15972	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15977	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15978	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15992	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15968	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15979	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15989	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15987	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15974	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15976	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15985	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4317	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4311	Trust: 0.1
url:	https://support.apple.com/ht212005.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6472	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15966	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6506	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6467	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6534	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6545	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6571	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6482	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6475	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6470	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6511	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6559	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6471	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15961	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16002	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15965	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6487	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6486	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16001	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6490	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15960	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16003	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6531	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6480	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6562	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6474	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6533	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6523	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6575	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6542	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15964	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6481	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6544	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6473	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15962	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6561	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15959	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6570	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6529	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6541	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4913	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4235	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15990	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15974	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15968	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15984	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15986	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15972	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15987	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15988	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15978	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15989	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15983	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15991	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15970	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15975	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15988	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15985	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15984	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15992	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15970	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15980	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15975	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15982	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15967	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15982	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15967	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15981	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15983	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15976	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15991	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15990	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15979	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15986	Trust: 0.1
url:	https://support.apple.com/ht212009.	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27951	Trust: 0.1
url:	https://support.apple.com/ht212007.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4945	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4909	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 159686 // PACKETSTORM: 159679 // PACKETSTORM: 159888 // PACKETSTORM: 159536 // PACKETSTORM: 159909 // PACKETSTORM: 159893

SOURCES

db:	VULHUB	id:	VHN-169000
db:	PACKETSTORM	id:	159686
db:	PACKETSTORM	id:	159679
db:	PACKETSTORM	id:	160542
db:	PACKETSTORM	id:	161131
db:	PACKETSTORM	id:	159888
db:	PACKETSTORM	id:	159536
db:	PACKETSTORM	id:	160540
db:	PACKETSTORM	id:	160543
db:	PACKETSTORM	id:	159909
db:	PACKETSTORM	id:	159893
db:	NVD	id:	CVE-2020-15969

LAST UPDATE DATE

2025-10-07T20:41:24.856000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169000	date:	2021-07-21T00:00:00
db:	NVD	id:	CVE-2020-15969	date:	2024-11-21T05:06:34.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169000	date:	2020-11-03T00:00:00
db:	PACKETSTORM	id:	159686	date:	2020-10-22T23:56:11
db:	PACKETSTORM	id:	159679	date:	2020-10-22T17:19:42
db:	PACKETSTORM	id:	160542	date:	2020-12-16T18:02:43
db:	PACKETSTORM	id:	161131	date:	2021-01-26T14:27:32
db:	PACKETSTORM	id:	159888	date:	2020-11-04T15:34:38
db:	PACKETSTORM	id:	159536	date:	2020-10-13T20:24:04
db:	PACKETSTORM	id:	160540	date:	2020-12-16T18:00:54
db:	PACKETSTORM	id:	160543	date:	2020-12-16T18:03:10
db:	PACKETSTORM	id:	159909	date:	2020-11-05T17:01:15
db:	PACKETSTORM	id:	159893	date:	2020-11-04T15:35:33
db:	NVD	id:	CVE-2020-15969	date:	2020-11-03T03:15:12.790