Debian: DSA-4606-1: chromium security update

    Date 20 Jan 2020
    Posted By LinuxSecurity Advisories
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4606-1
    https://www.debian.org/security/                          Michael Gilbert
    January 20, 2020                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
                     CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
                     CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
                     CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
                     CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746
                     CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750
                     CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754
                     CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758
                     CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
                     CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378
                     CVE-2020-6379 CVE-2020-6380
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-13725
    
        Gengming Liu and Jianyu Chen discovered a use-after-free issue in the
        bluetooth implementation.
    
    CVE-2019-13726
    
        Sergei Glazunov discovered a buffer overflow issue.
    
    CVE-2019-13727
    
        @piochu discovered a policy enforcement error.
    
    CVE-2019-13728
    
        Rong Jian and Guang Gong discovered an out-of-bounds write error in the
        v8 javascript library.
    
    CVE-2019-13729
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2019-13730
    
        Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
        javascript library.
    
    CVE-2019-13732
    
        Sergei Glazunov discovered a use-after-free issue in the WebAudio
        implementation.
    
    CVE-2019-13734
    
        Wenxiang Qian discovered an out-of-bounds write issue in the sqlite
        library.
    
    CVE-2019-13735
    
        Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the
        v8 javascript library.
    
    CVE-2019-13736
    
        An integer overflow issue was discovered in the pdfium library.
    
    CVE-2019-13737
    
        Mark Amery discovered a policy enforcement error.
    
    CVE-2019-13738
    
        Johnathan Norman and Daniel Clark discovered a policy enforcement error.
    
    CVE-2019-13739
    
        xisigr discovered a user interface error.
    
    CVE-2019-13740
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13741
    
        Michał Bentkowski discovered that user input could be incompletely
        validated.
    
    CVE-2019-13742
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13743
    
        Zhiyang Zeng discovered a user interface error.
    
    CVE-2019-13744
    
        Prakash discovered a policy enforcement error.
    
    CVE-2019-13745
    
        Luan Herrera discovered a policy enforcement error.
    
    CVE-2019-13746
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2019-13747
    
        Ivan Popelyshev and André Bonatti discovered an uninitialized value.
    
    CVE-2019-13748
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2019-13749
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13750
    
        Wenxiang Qian discovered insufficient validation of data in the sqlite
        library.
    
    CVE-2019-13751
    
        Wenxiang Qian discovered an uninitialized value in the sqlite library.
    
    CVE-2019-13752
    
        Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
        library.
    
    CVE-2019-13753
    
        Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
        library.
    
    CVE-2019-13754
    
        Cody Crews discovered a policy enforcement error.
    
    CVE-2019-13755
    
        Masato Kinugawa discovered a policy enforcement error.
    
    CVE-2019-13756
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13757
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13758
    
        Khalil Zhani discovered a policy enforcement error.
    
    CVE-2019-13759
    
        Wenxu Wu discovered a user interface error.
    
    CVE-2019-13761
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2019-13762
    
        csanuragjain discovered a policy enforcement error.
    
    CVE-2019-13763
    
        weiwangpp93 discovered a policy enforcement error.
    
    CVE-2019-13764
    
        Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
        javascript library.
    
    CVE-2019-13767
    
        Sergei Glazunov discovered a use-after-free issue.
    
    CVE-2020-6377
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2020-6378
    
        Antti Levomäki and Christian Jalio discovered a use-after-free issue.
    
    CVE-2020-6379
    
        Guang Gong discovered a use-after-free issue.
    
    CVE-2020-6380
    
        Sergei Glazunov discovered an error verifying extension messages.
    
    For the oldstable distribution (stretch), security support for chromium has
    been discontinued.
    
    For the stable distribution (buster), these problems have been fixed in
    version 79.0.3945.130-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
    
