Debian: DSA-4638-1: chromium security update

    Date 10 Mar 2020
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4638-1
    https://www.debian.org/security/                          Michael Gilbert
    March 10, 2020                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926
                     CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384
                     CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388
                     CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392
                     CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
                     CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400
                     CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
                     CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408
                     CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
                     CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416
                     CVE-2020-6418 CVE-2020-6420
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2019-19880
    
        Richard Lorenz discovered an issue in the sqlite library.
    
    CVE-2019-19923
    
        Richard Lorenz discovered an out-of-bounds read issue in the sqlite
        library.
    
    CVE-2019-19925
    
        Richard Lorenz discovered an issue in the sqlite library.
    
    CVE-2019-19926
    
        Richard Lorenz discovered an implementation error in the sqlite library.
    
    CVE-2020-6381
    
        UK's National Cyber Security Centre discovered an integer overflow issue
        in the v8 javascript library.
    
    CVE-2020-6382
    
        Soyeon Park and Wen Xu discovered a type error in the v8 javascript
        library.
    
    CVE-2020-6383
    
        Sergei Glazunov discovered a type error in the v8 javascript library.
    
    CVE-2020-6384
    
        David Manoucheri discovered a use-after-free issue in WebAudio.
    
    CVE-2020-6385
    
        Sergei Glazunov discovered a policy enforcement error.
    
    CVE-2020-6386
    
        Zhe Jin discovered a use-after-free issue in speech processing.
    
    CVE-2020-6387
    
        Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
        implementation.
    
    CVE-2020-6388
    
        Sergei Glazunov discovered an out-of-bounds read error in the WebRTC
        implementation.
    
    CVE-2020-6389
    
        Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
        implementation.
    
    CVE-2020-6390
    
        Sergei Glazunov discovered an out-of-bounds read error.
    
    CVE-2020-6391
    
        Michał Bentkowski discovered that untrusted input was insufficiently
        validated.
    
    CVE-2020-6392
    
        The Microsoft Edge Team discovered a policy enforcement error.
    
    CVE-2020-6393
    
        Mark Amery discovered a policy enforcement error.
    
    CVE-2020-6394
    
        Phil Freo discovered a policy enforcement error.
    
    CVE-2020-6395
    
        Pierre Langlois discovered an out-of-bounds read error in the v8
        javascript library.
    
    CVE-2020-6396
    
        William Luc Ritchie discovered an error in the skia library.
    
    CVE-2020-6397
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2020-6398
    
        pdknsk discovered an uninitialized variable in the pdfium library.
    
    CVE-2020-6399
    
        Luan Herrera discovered a policy enforcement error.
    
    CVE-2020-6400
    
        Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.
    
    CVE-2020-6401
    
        Tzachy Horesh discovered that user input was insufficiently validated.
    
    CVE-2020-6402
    
        Vladimir Metnew discovered a policy enforcement error.
    
    CVE-2020-6403
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2020-6404
    
        kanchi discovered an error in Blink/Webkit.
    
    CVE-2020-6405
    
        Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the
        sqlite library.
    
    CVE-2020-6406
    
        Sergei Glazunov discovered a use-after-free issue.
    
    CVE-2020-6407
    
        Sergei Glazunov discovered an out-of-bounds read error.
    
    CVE-2020-6408
    
        Zhong Zhaochen discovered a policy enforcement error in Cross-Origin
        Resource Sharing.
    
    CVE-2020-6409
    
        Divagar S and Bharathi V discovered an error in the omnibox
        implementation.
    
    CVE-2020-6410
    
        evil1m0 discovered a policy enforcement error.
    
    CVE-2020-6411
    
        Khalil Zhani discovered that user input was insufficiently validated.
    
    CVE-2020-6412
    
        Zihan Zheng discovered that user input was insufficiently validated.
    
    CVE-2020-6413
    
        Michał Bentkowski discovered an error in Blink/Webkit.
    
    CVE-2020-6414
    
        Lijo A.T discovered a safe browsing policy enforcement error.
    
    CVE-2020-6415
    
        Avihay Cohen discovered an implementation error in the v8 javascript
        library.
    
    CVE-2020-6416
    
        Woojin Oh discovered that untrusted input was insufficiently validated.
    
    CVE-2020-6418
    
        Clement Lecigne discovered a type error in the v8 javascript library.
    
    CVE-2020-6420
    
        Taras Uzdenov discovered a policy enforcement error.
    
    For the oldstable distribution (stretch), security support for chromium has
    been discontinued.
    
    For the stable distribution (buster), these problems have been fixed in
    version 80.0.3987.132-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
    
