Debian: DSA-4714-1: chromium security update

    Date 01 Jul 2020
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4714-1
    https://www.debian.org/security/                          Michael Gilbert
    July 01, 2020                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium
    CVE ID         : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432
                     CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
                     CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
                     CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444
                     CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
                     CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457
                     CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461
                     CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465
                     CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469
                     CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
                     CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478
                     CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482
                     CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486
                     CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490
                     CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495
                     CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505
                     CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2020-6423
    
        A use-after-free issue was found in the audio implementation.
    
    CVE-2020-6430
    
        Avihay Cohen discovered a type confusion issue in the v8 javascript
        library.
    
    CVE-2020-6431
    
        Luan Herrera discovered a policy enforcement error.
    
    CVE-2020-6432
    
        Luan Herrera discovered a policy enforcement error.
    
    CVE-2020-6433
    
        Luan Herrera discovered a policy enforcement error in extensions.
    
    CVE-2020-6434
    
        HyungSeok Han discovered a use-after-free issue in the developer tools.
    
    CVE-2020-6435
    
        Sergei Glazunov discovered a policy enforcement error in extensions.
    
    CVE-2020-6436
    
        Igor Bukanov discovered a use-after-free issue.
    
    CVE-2020-6437
    
        Jann Horn discovered an implementation error in WebView.
    
    CVE-2020-6438
    
        Ng Yik Phang discovered a policy enforcement error in extensions.
    
    CVE-2020-6439
    
        remkoboonstra discovered a policy enforcement error.
    
    CVE-2020-6440
    
        David Erceg discovered an implementation error in extensions.
    
    CVE-2020-6441
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2020-6442
    
        [email protected] discovered an implementation error in the page cache.
    
    CVE-2020-6443
    
        @lovasoa discovered an implementation error in the developer tools.
    
    CVE-2020-6444
    
        mlfbrown discovered an uninitialized variable in the WebRTC
        implementation.
    
    CVE-2020-6445
    
        Jun Kokatsu discovered a policy enforcement error.
    
    CVE-2020-6446
    
        Jun Kokatsu discovered a policy enforcement error.
    
    CVE-2020-6447
    
        David Erceg discovered an implementation error in the developer tools.
    
    CVE-2020-6448
    
        Guang Gong discovered a use-after-free issue in the v8 javascript library.
    
    CVE-2020-6454
    
        Leecraso and Guang Gong discovered a use-after-free issue in extensions.
    
    CVE-2020-6455
    
        Nan Wang and Guang Gong discovered an out-of-bounds read issue in the
        WebSQL implementation.
    
    CVE-2020-6456
    
        Michał Bentkowski discovered insufficient validation of untrusted input.
    
    CVE-2020-6457
    
        Leecraso and Guang Gong discovered a use-after-free issue in the speech
        recognizer.
    
    CVE-2020-6458
    
        Aleksandar Nikolic discovered an out-of-bounds read and write issue in the
        pdfium library.
    
    CVE-2020-6459
    
        Zhe Jin discovered a use-after-free issue in the payments implementation.
    
    CVE-2020-6460
    
        It was discovered that URL formatting was insufficiently validated.
    
    CVE-2020-6461
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2020-6462
    
        Zhe Jin discovered a use-after-free issue in task scheduling.
    
    CVE-2020-6463
    
        Pawel Wylecial discovered a use-after-free issue in the ANGLE library.
    
    CVE-2020-6464
    
        Looben Yang discovered a type confusion issue in Blink/Webkit.
    
    CVE-2020-6465
    
        Woojin Oh discovered a use-after-free issue.
    
    CVE-2020-6466
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2020-6467
    
        ZhanJia Song discovered a use-after-free issue in the WebRTC
        implementation.
    
    CVE-2020-6468
    
        Chris Salls and Jake Corina discovered a type confusion issue in the v8
        javascript library.
    
    CVE-2020-6469
    
        David Erceg discovered a policy enforcement error in the developer tools.
    
    CVE-2020-6470
    
        Michał Bentkowski discovered insufficient validation of untrusted input.
    
    CVE-2020-6471
    
        David Erceg discovered a policy enforcement error in the developer tools.
    
    CVE-2020-6472
    
        David Erceg discovered a policy enforcement error in the developer tools.
    
    CVE-2020-6473
    
        Soroush Karami and Panagiotis Ilia discovered a policy enforcement error
        in Blink/Webkit.
    
    CVE-2020-6474
    
        Zhe Jin discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2020-6475
    
        Khalil Zhani discovered a user interface error.
    
    CVE-2020-6476
    
        Alexandre Le Borgne discovered a policy enforcement error.
    
    CVE-2020-6478
    
        Khalil Zhani discovered an implementation error in full screen mode.
    
    CVE-2020-6479
    
        Zhong Zhaochen discovered an implementation error.
    
    CVE-2020-6480
    
        Marvin Witt discovered a policy enforcement error.
    
    CVE-2020-6481
    
        Rayyan Bijoora discovered a policy enforcement error.
    
    CVE-2020-6482
    
        Abdulrahman Alqabandi discovered a policy enforcement error in the
        developer tools.
    
    CVE-2020-6483
    
        Jun Kokatsu discovered a policy enforcement error in payments.
    
    CVE-2020-6484
    
        Artem Zinenko discovered insufficient validation of user data in the
        ChromeDriver implementation.
    
    CVE-2020-6485
    
        Sergei Glazunov discovered a policy enforcement error.
    
    CVE-2020-6486
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2020-6487
    
        Jun Kokatsu discovered a policy enforcement error.
    
    CVE-2020-6488
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2020-6489
    
        @lovasoa discovered an implementation error in the developer tools.
    
    CVE-2020-6490
    
        Insufficient validation of untrusted data was discovered.
    
    CVE-2020-6491
    
        Sultan Haikal discovered a user interface error.
    
    CVE-2020-6493
    
        A use-after-free issue was discovered in the WebAuthentication
        implementation.
    
    CVE-2020-6494
    
        Juho Nurimen discovered a user interface error.
    
    CVE-2020-6495
    
        David Erceg discovered a policy enforcement error in the developer tools.
    
    CVE-2020-6496
    
        Khalil Zhani discovered a use-after-free issue in payments.
    
    CVE-2020-6497
    
        Rayyan Bijoora discovered a policy enforcement issue.
    
    CVE-2020-6498
    
        Rayyan Bijoora discovered a user interface error.
    
    CVE-2020-6505
    
        Khalil Zhani discovered a use-after-free issue.
    
    CVE-2020-6506
    
        Alesandro Ortiz discovered a policy enforcement error.
    
    CVE-2020-6507
    
        Sergei Glazunov discovered an out-of-bounds write issue in the v8
        javascript library.
    
    CVE-2020-6509
    
        A use-after-free issue was discovered in extensions.
    
    CVE-2020-6831
    
        Natalie Silvanovich discovered a buffer overflow issue in the SCTP
        library.
    
    For the oldstable distribution (stretch), security support for chromium
    has been discontinued.
    
    For the stable distribution (buster), these problems have been fixed in
    version 83.0.4103.116-1~deb10u1.
    
    We recommend that you upgrade your chromium packages.
    
    For the detailed security status of chromium please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
    
