Debian: DSA-4421-1: chromium security update

    Date: 31 Mar 2019
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4421-1
    https://www.debian.org/security/                          Michael Gilbert
    March 31, 2019                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
                     CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
                     CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
                     CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-5787
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2019-5788
    
        Mark Brand discovered a use-after-free issue in the FileAPI
        implementation.
    
    CVE-2019-5789
    
        Mark Brand discovered a use-after-free issue in the WebMIDI
        implementation.
    
    CVE-2019-5790
    
        Dimitri Fourny discovered a buffer overflow issue in the v8 javascript
        library.
    
    CVE-2019-5791
    
        Choongwoo Han discovered a type confusion issue in the v8 javascript
        library.
    
    CVE-2019-5792
    
        pdknsk discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5793
    
        Jun Kokatsu discovered a permissions issue in the Extensions
        implementation.
    
    CVE-2019-5794
    
        Juno Im of Theori discovered a user interface spoofing issue.
    
    CVE-2019-5795
    
        pdknsk discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5796
    
        Mark Brand discovered a race condition in the Extensions implementation.
    
    CVE-2019-5797
    
        Mark Brand discovered a race condition in the DOMStorage implementation.
    
    CVE-2019-5798
    
        Tran Tien Hung discovered an out-of-bounds read issue in the skia library.
    
    CVE-2019-5799
    
        sohalt discovered a way to bypass the Content Security Policy.
    
    CVE-2019-5800
    
        Jun Kokatsu discovered a way to bypass the Content Security Policy.
    
    CVE-2019-5802
    
        Ronni Skansing discovered a user interface spoofing issue.
    
    CVE-2019-5803
    
        Andrew Comminos discovered a way to bypass the Content Security Policy.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 73.0.3683.75-1~deb9u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    