Debian: DSA-4500-1: chromium security update

    Date 12 Aug 2019
    Posted By LinuxSecurity Advisories
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4500-1
    https://www.debian.org/security/                          Michael Gilbert
    August 12, 2019                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
                     CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813
                     CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
                     CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823
                     CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827
                     CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831
                     CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836
                     CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840
                     CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849
                     CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
                     CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857
                     CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
                     CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867
                     CVE-2019-5868
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-5805
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2019-5806
    
        Wen Xu discovered an integer overflow issue in the Angle library.
    
    CVE-2019-5807
    
        TimGMichaud discovered a memory corruption issue in the v8 javascript
        library.
    
    CVE-2019-5808
    
        cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5809
    
        Mark Brand discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5810
    
        Mark Amery discovered an information disclosure issue.
    
    CVE-2019-5811
    
        Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5813
    
        Aleksandar Nikolic discovered an out-of-bounds read issue in the v8
        javascript library.
    
    CVE-2019-5814
    
        @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource
        Sharing feature.
    
    CVE-2019-5815
    
        Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.
    
    CVE-2019-5818
    
        Adrian Tolbaru discovered an uninitialized value issue.
    
    CVE-2019-5819
    
        Svyat Mitin discovered an error in the developer tools.
    
    CVE-2019-5820
    
        pdknsk discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5821
    
        pdknsk discovered another integer overflow issue in the pdfium library.
    
    CVE-2019-5822
    
        Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5823
    
        David Erceg discovered a navigation error.
    
    CVE-2019-5824
    
        leecraso and Guang Gong discovered an error in the media player.
    
    CVE-2019-5825
    
        Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an
        out-of-bounds write issue in the v8 javascript library.
    
    CVE-2019-5826
    
        Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a
        use-after-free issue.
    
    CVE-2019-5827
    
        mlfbrown discovered an out-of-bounds read issue in the sqlite library.
    
    CVE-2019-5828
    
        leecraso and Guang Gong discovered a use-after-free issue.
    
    CVE-2019-5829
    
        Lucas Pinheiro discovered a use-after-free issue.
    
    CVE-2019-5830
    
        Andrew Krashichkov discovered a credential error in the Cross-Origin
        Resource Sharing feature.
    
    CVE-2019-5831
    
        yngwei discovered a map error in the v8 javascript library.
    
    CVE-2019-5832
    
        Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5833
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-5834
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2019-5836
    
        Omair discovered a buffer overflow issue in the Angle library.
    
    CVE-2019-5837
    
        Adam Iawniuk discovered an information disclosure issue.
    
    CVE-2019-5838
    
        David Erceg discovered an error in extension permissions.
    
    CVE-2019-5839
    
        Masato Kinugawa discovered implementation errors in Blink/Webkit.
    
    CVE-2019-5840
    
        Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.
    
    CVE-2019-5842
    
        BUGFENSE discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5847
    
        m3plex discovered an error in the v8 javascript library.
    
    CVE-2019-5848
    
        Mark Amery discovered an information disclosure issue.
    
    CVE-2019-5849
    
        Zhen Zhou discovered an out-of-bounds read in the Skia library.
    
    CVE-2019-5850
    
        Brendon Tiszka discovered a use-after-free issue in the offline page
        fetcher.
    
    CVE-2019-5851
    
        Zhe Jin discovered a use-after-poison issue.
    
    CVE-2019-5852
    
        David Erceg discovered an information disclosure issue.
    
    CVE-2019-5853
    
        Yngwei and sakura discovered a memory corruption issue.
    
    CVE-2019-5854
    
        Zhen Zhou discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5855
    
        Zhen Zhou discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5856
    
        Yongke Wang discovered an error related to file system URL permissions.
    
    CVE-2019-5857
    
        cloudfuzzer discovered a way to crash chromium.
    
    CVE-2019-5858
    
        evil1m0 discovered an information disclosure issue.
    
    CVE-2019-5859
    
        James Lee discovered a way to launch alternative browsers.
    
    CVE-2019-5860
    
        A use-after-free issue was discovered in the v8 javascript library.
    
    CVE-2019-5861
    
        Robin Linus discovered an error determining click location.
    
    CVE-2019-5862
    
        Jun Kokatsu discovered an error in the AppCache implementation.
    
    CVE-2019-5864
    
        Devin Grindle discovered an error in the Cross-Origin Resource Sharing
        feature for extensions.
    
    CVE-2019-5865
    
        Ivan Fratric discovered a way to bypass the site isolation feature.
    
    CVE-2019-5867
    
        Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    CVE-2019-5868
    
        banananapenguin discovered a use-after-free issue in the v8 javascript
        library.
    
    For the stable distribution (buster), these problems have been fixed in
    version 76.0.3809.100-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    