1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4395-1] chromium security update (1/2)

    From Michael Gilbert@1:229/2 to All on Tue Feb 19 04:00:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium
    CVE ID : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
    CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760
    CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
    CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
    CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
    CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778
    CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782
    CVE-2019-5783 CVE-2019-5784

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2018-17481

    A use-after-free issue was discovered in the pdfium library.

    CVE-2019-5754

    Klzgrad discovered an error in the QUIC networking implementation.

    CVE-2019-5755

    Jay Bosamiya discovered an implementation error in the v8 javascript
    library.

    CVE-2019-5756

    A use-after-free issue was discovered in the pdfium library.

    CVE-2019-5757

    Alexandru Pitis discovered a type confusion error in the SVG image
    format implementation.

    CVE-2019-5758

    Zhe Jin discovered a use-after-free issue in blink/webkit.

    CVE-2019-5759

    Almog Benin discovered a use-after-free issue when handling HTML pages
    containing select elements.

    CVE-2019-5760

    Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

    CVE-2019-5762

    A use-after-free issue was discovered in the pdfium library.

    CVE-2019-5763

    Guang Gon discovered an input validation error in the v8 javascript
    library.

    CVE-2019-5764

    Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

    CVE-2019-5765

    Sergey Toshin discovered a policy enforcement error.

    CVE-2019-5766

    David Erceg discovered a policy enforcement error.

    CVE-2019-5767

    Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error
    in the WebAPKs user interface.

    CVE-2019-5768

    Rob Wu discovered a policy enforcement error in the developer tools.

    CVE-2019-5769

    Guy Eshel discovered an input validation error in blink/webkit.

    CVE-2019-5770

    hemidallt discovered a buffer overflow issue in the WebGL implementation.

    CVE-2019-5772

    Zhen Zhou discovered a use-after-free issue in the pdfium library.

    CVE-2019-5773

    Yongke Wong discovered an input validation error in the IndexDB
    implementation.

    CVE-2019-5774

    Jnghwan Kang and Juno Im discovered an input validation error in the
    SafeBrowsing implementation.

    CVE-2019-5775

    evil1m0 discovered a policy enforcement error.

    CVE-2019-5776

    Lnyas Zhang discovered a policy enforcement error.

    CVE-2019-5777

    Khalil Zhani discovered a policy enforcement error.

    CVE-2019-5778

    David Erceg discovered a policy enforcement error in the Extensions
    implementation.

    CVE-2019-5779

    David Erceg discovered a policy enforcement error in the ServiceWorker
    implementation.

    CVE-2019-5780

    Andreas Hegenberg discovered a policy enforcement error.

    CVE-2019-5781

    evil1m0 discovered a policy enforcement error.

    CVE-2019-5782

    Qixun Zhao discovered an implementation error in the v8 javascript library.

    CVE-2019-5783

    Shintaro Kobori discovered an input validation error in the developer
    tools.

    CVE-2019-5784

    Lucas Pinheiro discovered an implementation error in the v8 javascript
    library.

    For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlxrbrQACgkQuNayzQLW 9HNIgSAAsHumjm9w9vEeKVTHul1sou7vCptw36hqj5ueIxnGRPJNdFEAttzXqbyo 2qaNYcJ1iBt362k12iqECOq8pF9JA61WK26OL+kb6vWohT6X1uyK8aJ5EN8cGElB

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)