Linux Security

    Debian: DSA-4638-1: chromium security update

    -------------------------------------------------------------------------
    Debian Security Advisory DSA-4638-1
    https://www.debian.org/security/                          Michael Gilbert
    March 10, 2020                        https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926
                     CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384
                     CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388
                     CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392
                     CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
                     CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400
                     CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
                     CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408
                     CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
                     CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416
                     CVE-2020-6418 CVE-2020-6420
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-19880
    
        Richard Lorenz discovered an issue in the sqlite library.
    
    CVE-2019-19923
    
        Richard Lorenz discovered an out-of-bounds read issue in the sqlite
        library.
    
    CVE-2019-19925
    
        Richard Lorenz discovered an issue in the sqlite library.
    
    CVE-2019-19926
    
        Richard Lorenz discovered an implementation error in the sqlite library.
    
    CVE-2020-6381
    
        UK's National Cyber Security Centre discovered an integer overflow issue
        in the v8 javascript library.
    
    CVE-2020-6382
    
        Soyeon Park and Wen Xu discovered a type error in the v8 javascript
        library.
    
    CVE-2020-6383
    
        Sergei Glazunov discovered a type error in the v8 javascript library.
    
    CVE-2020-6384
    
        David Manoucheri discovered a use-after-free issue in WebAudio.
    
    CVE-2020-6385
    
        Sergei Glazunov discovered a policy enforcement error.
    
    CVE-2020-6386
    
        Zhe Jin discovered a use-after-free issue in speech processing.
    
    CVE-2020-6387
    
        Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
        implementation.
    
    CVE-2020-6388
    
        Sergei Glazunov discovered an out-of-bounds read error in the WebRTC
        implementation.
    
    CVE-2020-6389
    
        Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
        implementation.
    
    CVE-2020-6390
    
        Sergei Glazunov discovered an out-of-bounds read error.
    
    CVE-2020-6391
    
        Michał Bentkowski discovered that untrusted input was insufficiently
        validated.
    
    CVE-2020-6392
    
        The Microsoft Edge Team discovered a policy enforcement error.
    
    CVE-2020-6393
    
        Mark Amery discovered a policy enforcement error.
    
    CVE-2020-6394
    
        Phil Freo discovered a policy enforcement error.
    
    CVE-2020-6395
    
        Pierre Langlois discovered an out-of-bounds read error in the v8
        javascript library.
    
    CVE-2020-6396
    
        William Luc Ritchie discovered an error in the skia library.
    
    CVE-2020-6397
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2020-6398
    
        pdknsk discovered an uninitialized variable in the pdfium library.
    
    CVE-2020-6399
    
        Luan Herrera discovered a policy enforcement error.
    
    CVE-2020-6400
    
        Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.
    
    CVE-2020-6401
    
        Tzachy Horesh discovered that user input was insufficiently validated.
    
    CVE-2020-6402
    
        Vladimir Metnew discovered a policy enforcement error.
    
    CVE-2020-6403
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2020-6404
    
        kanchi discovered an error in Blink/Webkit.
    
    CVE-2020-6405
    
        Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the
        sqlite library.
    
    CVE-2020-6406
    
        Sergei Glazunov discovered a use-after-free issue.
    
    CVE-2020-6407
    
        Sergei Glazunov discovered an out-of-bounds read error.
    
    CVE-2020-6408
    
        Zhong Zhaochen discovered a policy enforcement error in Cross-Origin
        Resource Sharing.
    
    CVE-2020-6409
    
        Divagar S and Bharathi V discovered an error in the omnibox
        implementation.
    
    CVE-2020-6410
    
        evil1m0 discovered a policy enforcement error.
    
    CVE-2020-6411
    
        Khalil Zhani discovered that user input was insufficiently validated.
    
    CVE-2020-6412
    
        Zihan Zheng discovered that user input was insufficiently validated.
    
    CVE-2020-6413
    
        Michał Bentkowski discovered an error in Blink/Webkit.
    
    CVE-2020-6414
    
        Lijo A.T discovered a safe browsing policy enforcement error.
    
    CVE-2020-6415
    
        Avihay Cohen discovered an implementation error in the v8 javascript
        library.
    
    CVE-2020-6416
    
        Woojin Oh discovered that untrusted input was insufficiently validated.
    
    CVE-2020-6418
    
        Clement Lecigne discovered a type error in the v8 javascript library.
    
    CVE-2020-6420
    
        Taras Uzdenov discovered a policy enforcement error.
    
    For the oldstable distribution (stretch), security support for chromium has
    been discontinued.
    
    For the stable distribution (buster), these problems have been fixed in
    version 80.0.3987.132-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
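
A fleet check against the fixed version stated above, as an added example that is not part of the Debian advisory: it implements Debian's version ordering so that the `~deb10u1` suffix and the numeric components compare correctly. Host names and installed versions in the inventory are constructed; only the fixed version string comes from the advisory.

```python
import re
from itertools import zip_longest

FIXED = "80.0.3987.132-1~deb10u1"  # buster fix version, taken from the advisory
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # (non-digit run, digit run) pairs

def _weights(run):
    # Per-character weights: '~' sorts before end-of-run (0), letters before symbols.
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
            for c in run] + [0]

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    pairs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (ta, na), (tb, nb) in pairs:
        ka = (_weights(ta), int(na or 0))  # digit runs compare numerically
        kb = (_weights(tb), int(nb or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision ''."""
    head, colon, rest = version.partition(":")
    epoch, rest = (int(head), rest) if colon else (0, version)
    upstream, dash, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if dash else (epoch, rest, "")

def compare(a, b):
    """Order two Debian version strings like `dpkg --compare-versions`."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED):
    """Hosts whose installed chromium version sorts below the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory: host names and installed versions are made up.
SAMPLE = {
    "ws-01": "80.0.3987.132-1~deb10u1",  # exactly the fixed version
    "ws-02": "79.0.3945.130-1~deb10u1",  # older upstream release
    "ws-03": "80.0.3987.132-1",          # sorts ABOVE the fix: '~' sorts low
    "ws-04": "9.0.1-1",                  # 9 < 80 numerically, not as a string
}

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

A plain string comparison would misjudge both `ws-03` and `ws-04`, which is why the check follows the package manager's ordering rules.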
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    