Debian: DSA-4562-1: chromium security update

    Date: 10 Nov 2019
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-4562-1
    https://www.debian.org/security/                          Michael Gilbert
    November 10, 2019                     https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
                     CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877
                     CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659
                     CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663
                     CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
                     CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671
                     CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676
                     CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
                     CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685
                     CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691
                     CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695
                     CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700
                     CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704
                     CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708
                     CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713
                     CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717
                     CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-5869
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2019-5870
    
        Guang Gong discovered a use-after-free issue.
    
    CVE-2019-5871
    
        A buffer overflow issue was discovered in the skia library.
    
    CVE-2019-5872
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2019-5874
    
        James Lee discovered an issue with external Uniform Resource Identifiers.
    
    CVE-2019-5875
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2019-5876
    
        Man Yue Mo discovered a use-after-free issue.
    
    CVE-2019-5877
    
        Guang Gong discovered an out-of-bounds read issue.
    
    CVE-2019-5878
    
        Guang Gong discovered a use-after-free issue in the v8 javascript
        library.
    
    CVE-2019-5879
    
        Jinseo Kim discovered that extensions could read files on the local
        system.
    
    CVE-2019-5880
    
        Jun Kokatsu discovered a way to bypass the SameSite cookie feature.
    
    CVE-2019-13659
    
        Lnyas Zhang discovered a URL spoofing issue.
    
    CVE-2019-13660
    
        Wenxu Wu discovered a user interface error in full screen mode.
    
    CVE-2019-13661
    
        Wenxu Wu discovered a user interface spoofing issue in full screen mode.
    
    CVE-2019-13662
    
        David Erceg discovered a way to bypass the Content Security Policy.
    
    CVE-2019-13663
    
        Lnyas Zhang discovered a way to spoof Internationalized Domain Names.
    
    CVE-2019-13664
    
        Thomas Shadwell discovered a way to bypass the SameSite cookie feature.
    
    CVE-2019-13665
    
        Jun Kokatsu discovered a way to bypass the multiple file download
        protection feature.
    
    CVE-2019-13666
    
        Tom Van Goethem discovered an information leak.
    
    CVE-2019-13667
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2019-13668
    
        David Erceg discovered an information leak.
    
    CVE-2019-13669
    
        Khalil Zhani discovered an authentication spoofing issue.
    
    CVE-2019-13670
    
        Guang Gong discovered a memory corruption issue in the v8 javascript
        library.
    
    CVE-2019-13671
    
        xisigr discovered a user interface error.
    
    CVE-2019-13673
    
        David Erceg discovered an information leak.
    
    CVE-2019-13674
    
        Khalil Zhani discovered a way to spoof Internationalized Domain Names.
    
    CVE-2019-13675
    
        Jun Kokatsu discovered a way to disable extensions.
    
    CVE-2019-13676
    
        Wenxu Wu discovered an error in a certificate warning.
    
    CVE-2019-13677
    
        Jun Kokatsu discovered an error in the chrome web store.
    
    CVE-2019-13678
    
        Ronni Skansing discovered a spoofing issue in the download dialog window.
    
    CVE-2019-13679
    
        Conrad Irwin discovered that user activation was not required for
        printing.
    
    CVE-2019-13680
    
        Thijs Alkamade discovered an IP address spoofing issue.
    
    CVE-2019-13681
    
        David Erceg discovered a way to bypass download restrictions.
    
    CVE-2019-13682
    
        Jun Kokatsu discovered a way to bypass the site isolation feature.
    
    CVE-2019-13683
    
        David Erceg discovered an information leak.
    
    CVE-2019-13685
    
        Khalil Zhani discovered a use-after-free issue.
    
    CVE-2019-13686
    
        Brendon discovered a use-after-free issue.
    
    CVE-2019-13687
    
        Man Yue Mo discovered a use-after-free issue.
    
    CVE-2019-13688
    
        Man Yue Mo discovered a use-after-free issue.
    
    CVE-2019-13691
    
        David Erceg discovered a user interface spoofing issue.
    
    CVE-2019-13692
    
        Jun Kokatsu discovered a way to bypass the Same Origin Policy.
    
    CVE-2019-13693
    
        Guang Gong discovered a use-after-free issue.
    
    CVE-2019-13694
    
        banananapenguin discovered a use-after-free issue.
    
    CVE-2019-13695
    
        Man Yue Mo discovered a use-after-free issue.
    
    CVE-2019-13696
    
        Guang Gong discovered a use-after-free issue in the v8 javascript library.
    
    CVE-2019-13697
    
        Luan Herrera discovered an information leak.
    
    CVE-2019-13699
    
        Man Yue Mo discovered a use-after-free issue.
    
    CVE-2019-13700
    
        Man Yue Mo discovered a buffer overflow issue.
    
    CVE-2019-13701
    
        David Erceg discovered a URL spoofing issue.
    
    CVE-2019-13702
    
        Phillip Langlois and Edward Torkington discovered a privilege escalation
        issue in the installer.
    
    CVE-2019-13703
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2019-13704
    
        Jun Kokatsu discovered a way to bypass the Content Security Policy.
    
    CVE-2019-13705
    
        Luan Herrera discovered a way to bypass extension permissions.
    
    CVE-2019-13706
    
        pdknsk discovered an out-of-bounds read issue in the pdfium library.
    
    CVE-2019-13707
    
        Andrea Palazzo discovered an information leak.
    
    CVE-2019-13708
    
        Khalil Zhani discovered an authentication spoofing issue.
    
    CVE-2019-13709
    
        Zhong Zhaochen discovered a way to bypass download restrictions.
    
    CVE-2019-13710
    
        bernardo.mrod discovered a way to bypass download restrictions.
    
    CVE-2019-13711
    
        David Erceg discovered an information leak.
    
    CVE-2019-13713
    
        David Erceg discovered an information leak.
    
    CVE-2019-13714
    
        Jun Kokatsu discovered an issue with Cascading Style Sheets.
    
    CVE-2019-13715
    
        xisigr discovered a URL spoofing issue.
    
    CVE-2019-13716
    
        Barron Hagerman discovered an error in the service worker implementation.
    
    CVE-2019-13717
    
        xisigr discovered a user interface spoofing issue.
    
    CVE-2019-13718
    
        Khalil Zhani discovered a way to spoof Internationalized Domain Names.
    
    CVE-2019-13719
    
        Khalil Zhani discovered a user interface spoofing issue.
    
    CVE-2019-13720
    
        Anton Ivanov and Alexey Kulaev discovered a use-after-free issue.
    
    CVE-2019-13721
    
        banananapenguin discovered a use-after-free issue in the pdfium library.
    
    For the oldstable distribution (stretch), support for chromium has been
    discontinued.  Please upgrade to the stable release (buster) to continue
    receiving chromium updates or switch to firefox, which continues to be
    supported in the oldstable release.
    
    For the stable distribution (buster), these problems have been fixed in
    version 78.0.3904.97-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
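
A fleet check against the buster fix version given above, added here as an example and not part of the Debian advisory. It reimplements dpkg's version ordering in Python so it runs without dpkg (on a Debian host, `dpkg --compare-versions` gives the same answer); the host names and inventory versions are constructed.

```python
import re

FIXED = "78.0.3904.97-1~deb10u1"  # buster fix version stated in DSA-4562-1

def _weight(c):
    # dpkg ordering inside non-digit runs: '~' sorts before everything
    # (even end of string, weight 0), letters before other punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating
    # (non-digit run, digit run) pairs, the way dpkg does.
    pa = [p for p in re.findall(r"(\D*)(\d*)", a) if p != ("", "")]
    pb = [p for p in re.findall(r"(\D*)(\d*)", b) if p != ("", "")]
    for k in range(max(len(pa), len(pb))):
        na, da = pa[k] if k < len(pa) else ("", "")
        nb, db = pb[k] if k < len(pb) else ("", "")
        n = max(len(na), len(nb))
        wa = [_weight(c) for c in na] + [0] * (n - len(na))
        wb = [_weight(c) for c in nb] + [0] * (n - len(nb))
        if wa != wb:
            return -1 if wa < wb else 1
        ia, ib = int(da or 0), int(db or 0)  # numeric, so 108 > 97
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _parse(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    # Returns -1, 0 or 1 as a is older than, equal to or newer than b.
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def hosts_needing_update(inventory, fixed=FIXED):
    return sorted(h for h, v in inventory.items() if deb_cmp(v, fixed) < 0)

# Constructed inventory: hypothetical hosts mapped to installed chromium versions
INVENTORY = {"ws-01": "76.0.3809.100-1~deb10u1", "ws-02": FIXED,
             "ws-03": "78.0.3904.108-1~deb10u1", "ws-04": "78.0.3904.97-1",
             "ws-05": "78.0.3904.87-1~deb10u1"}
```

A plain string comparison would wrongly rank 78.0.3904.108 below 78.0.3904.97, and would miss that the `~deb10u1` suffix sorts before the bare revision `1`.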
    