• [SECURITY] [DSA 4421-1] chromium security update

    From Michael Gilbert@1:229/2 to All on Sun Mar 31 21:40:02 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4421-1                       [email protected]
    https://www.debian.org/security/                          Michael Gilbert
    March 31, 2019                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium
    CVE ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
    CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
    CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
    CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2019-5787

    Zhe Jin discovered a use-after-free issue.

    CVE-2019-5788

    Mark Brand discovered a use-after-free issue in the FileAPI
    implementation.

    CVE-2019-5789

    Mark Brand discovered a use-after-free issue in the WebMIDI
    implementation.

    CVE-2019-5790

    Dimitri Fourny discovered a buffer overflow issue in the v8 javascript
    library.

    CVE-2019-5791

    Choongwoo Han discovered a type confusion issue in the v8 javascript
    library.

    CVE-2019-5792

    pdknsk discovered an integer overflow issue in the pdfium library.

    CVE-2019-5793

    Jun Kokatsu discovered a permissions issue in the Extensions
    implementation.

    CVE-2019-5794

    Juno Im of Theori discovered a user interface spoofing issue.

    CVE-2019-5795

    pdknsk discovered an integer overflow issue in the pdfium library.

    CVE-2019-5796

    Mark Brand discovered a race condition in the Extensions implementation.

    CVE-2019-5797

    Mark Brand discovered a race condition in the DOMStorage implementation.

    CVE-2019-5798

    Tran Tien Hung discovered an out-of-bounds read issue in the skia library.

    CVE-2019-5799

    sohalt discovered a way to bypass the Content Security Policy.

    CVE-2019-5800

    Jun Kokatsu discovered a way to bypass the Content Security Policy.

    CVE-2019-5802

    Ronni Skansing discovered a user interface spoofing issue.

    CVE-2019-5803

    Andrew Comminos discovered a way to bypass the Content Security Policy.

    For the stable distribution (stretch), these problems have been fixed in version 73.0.3683.75-1~deb9u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)