Bug 1913503 (CVE-2020-16044)
| Summary: | CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | cschalle, erack, gecko-bugs-nobody, jhorak, spotrh, stransky, tpopela, yaneti |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 84.0.2, firefox 78.6.1, thunderbird 78.6.1, chromium-browser 88.0.4324.96 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-01-11 12:27:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1913504, 1913505, 1913506, 1913507, 1913508, 1915088, 1915089, 1915090, 1915091, 1915092, 1918277, 1918278 | ||
| Bug Blocks: | 1913502 | ||
|
Description
Doran Moppert
2021-01-06 23:54:39 UTC
Acknowledgments: Name: the Mozilla project Upstream: Ned Williamson This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0052 https://access.redhat.com/errata/RHSA-2021:0052 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0054 https://access.redhat.com/errata/RHSA-2021:0054 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0055 https://access.redhat.com/errata/RHSA-2021:0055 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0053 https://access.redhat.com/errata/RHSA-2021:0053 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16044 Statement: Regarding Thunderbird: in general this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0089 https://access.redhat.com/errata/RHSA-2021:0089 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0088 https://access.redhat.com/errata/RHSA-2021:0088 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0087 https://access.redhat.com/errata/RHSA-2021:0087 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0160 https://access.redhat.com/errata/RHSA-2021:0160 Chromium reference for this CVE: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Chromium upstream bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1163228 |