Debian: DSA-4500-1: chromium security update

    Date: 12 Aug 2019
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-4500-1
    https://www.debian.org/security/                          Michael Gilbert
    August 12, 2019                       https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
                     CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813
                     CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
                     CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823
                     CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827
                     CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831
                     CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836
                     CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840
                     CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849
                     CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
                     CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857
                     CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
                     CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867
                     CVE-2019-5868
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-5805
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2019-5806
    
        Wen Xu discovered an integer overflow issue in the Angle library.
    
    CVE-2019-5807
    
        TimGMichaud discovered a memory corruption issue in the v8 javascript
        library.
    
    CVE-2019-5808
    
        cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5809
    
        Mark Brand discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5810
    
        Mark Amery discovered an information disclosure issue.
    
    CVE-2019-5811
    
        Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5813
    
        Aleksandar Nikolic discovered an out-of-bounds read issue in the v8
        javascript library.
    
    CVE-2019-5814
    
        @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource
        Sharing feature.
    
    CVE-2019-5815
    
        Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.
    
    CVE-2019-5818
    
        Adrian Tolbaru discovered an uninitialized value issue.
    
    CVE-2019-5819
    
        Svyat Mitin discovered an error in the developer tools.
    
    CVE-2019-5820
    
        pdknsk discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5821
    
        pdknsk discovered another integer overflow issue in the pdfium library.
    
    CVE-2019-5822
    
        Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5823
    
        David Erceg discovered a navigation error.
    
    CVE-2019-5824
    
        leecraso and Guang Gong discovered an error in the media player.
    
    CVE-2019-5825
    
        Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an
        out-of-bounds write issue in the v8 javascript library.
    
    CVE-2019-5826
    
        Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a
        use-after-free issue.
    
    CVE-2019-5827
    
        mlfbrown discovered an out-of-bounds read issue in the sqlite library.
    
    CVE-2019-5828
    
        leecraso and Guang Gong discovered a use-after-free issue.
    
    CVE-2019-5829
    
        Lucas Pinheiro discovered a use-after-free issue.
    
    CVE-2019-5830
    
        Andrew Krashichkov discovered a credential error in the Cross-Origin
        Resource Sharing feature.
    
    CVE-2019-5831
    
        yngwei discovered a map error in the v8 javascript library.
    
    CVE-2019-5832
    
        Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing
        feature.
    
    CVE-2019-5833
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-5834
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2019-5836
    
        Omair discovered a buffer overflow issue in the Angle library.
    
    CVE-2019-5837
    
        Adam Iawniuk discovered an information disclosure issue.
    
    CVE-2019-5838
    
        David Erceg discovered an error in extension permissions.
    
    CVE-2019-5839
    
        Masato Kinugawa discovered implementation errors in Blink/Webkit.
    
    CVE-2019-5840
    
        Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.
    
    CVE-2019-5842
    
        BUGFENSE discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2019-5847
    
        m3plex discovered an error in the v8 javascript library.
    
    CVE-2019-5848
    
        Mark Amery discovered an information disclosure issue.
    
    CVE-2019-5849
    
        Zhen Zhou discovered an out-of-bounds read in the Skia library.
    
    CVE-2019-5850
    
        Brendon Tiszka discovered a use-after-free issue in the offline page
        fetcher.
    
    CVE-2019-5851
    
        Zhe Jin discovered a use-after-poison issue.
    
    CVE-2019-5852
    
        David Erceg discovered an information disclosure issue.
    
    CVE-2019-5853
    
        Yngwei and sakura discovered a memory corruption issue.
    
    CVE-2019-5854
    
        Zhen Zhou discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5855
    
        Zhen Zhou discovered an integer overflow issue in the pdfium library.
    
    CVE-2019-5856
    
        Yongke Wang discovered an error related to file system URL permissions.
    
    CVE-2019-5857
    
        cloudfuzzer discovered a way to crash chromium.
    
    CVE-2019-5858
    
        evil1m0 discovered an information disclosure issue.
    
    CVE-2019-5859
    
        James Lee discovered a way to launch alternative browsers.
    
    CVE-2019-5860
    
        A use-after-free issue was discovered in the v8 javascript library.
    
    CVE-2019-5861
    
        Robin Linus discovered an error determining click location.
    
    CVE-2019-5862
    
        Jun Kokatsu discovered an error in the AppCache implementation.
    
    CVE-2019-5864
    
        Devin Grindle discovered an error in the Cross-Origin Resource Sharing
        feature for extensions.
    
    CVE-2019-5865
    
        Ivan Fratric discovered a way to bypass the site isolation feature.
    
    CVE-2019-5867
    
        Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    CVE-2019-5868
    
        banananapenguin discovered a use-after-free issue in the v8 javascript
        library.
    
    For the stable distribution (buster), these problems have been fixed in
    version 76.0.3809.100-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    