security advisorydebiancritical update
. -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512 - -------------------------------------------------------------------------Debian Security Advisory DSA-4638-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Michael Gilbert March 10, 2020 https://www.debian.org/security/faq - -------------------------------------------------------------------------Package : chromium CVE ID : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6418 CVE-2020-6420 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. CVE-2020-6381 UK's National Cyber Security Centre discovered an integer overflow issue in the v8 javascript library. CVE-2020-6382 Soyeon Park and Wen Xu discovered a type error in the v8 javascript library. CVE-2020-6383 Sergei Glazunov discovered a type error in the v8 javascript library. CVE-2020-6384 David Manoucheri discovered a use-after-free issue in WebAudio. CVE-2020-6385 Sergei Glazunov discovered a policy enforcement error. CVE-2020-6386 Zhe Jin discovered a use-after-free issue in speech processing. CVE-2020-6387 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6388 Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation. CVE-2020-6389 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6390 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6391 Michał Bentkowski discoverd that untrusted input was insufficiently validated. CVE-2020-6392 The Microsoft Edge Team discovered a policy enforcement error. CVE-2020-6393 Mark Amery discovered a policy enforcement error. CVE-2020-6394 Phil Freo discovered a policy enforcement error. CVE-2020-6395 Pierre Langlois discovered an out-of-bounds read error in the v8 javascript library. CVE-2020-6396 William Luc Ritchie discovered an error in the skia library. CVE-2020-6397 Khalil Zhani discovered a user interface error. CVE-2020-6398 pdknsk discovered an uninitialized variable in the pdfium library. CVE-2020-6399 Luan Herrera discovered a policy enforcement error. CVE-2020-6400 Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing. CVE-2020-6401 Tzachy Horesh discovered that user input was insufficiently validated. CVE-2020-6402 Vladimir Metnew discovered a policy enforcement error. CVE-2020-6403 Khalil Zhani discovered a user interface error. CVE-2020-6404 kanchi discovered an error in Blink/Webkit. CVE-2020-6405 Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library. CVE-2020-6406 Sergei Glazunov discovered a use-after-freeissue. CVE-2020-6407 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6408 Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing. CVE-2020-6409 Divagar S and Bharathi V discovered an error in the omnibox implementation. CVE-2020-6410 evil1m0 discovered a policy enforcement error. CVE-2020-6411 Khalil Zhani discovered that user input was insufficiently validated. CVE-2020-6412 Zihan Zheng discovered that user input was insufficiently validated. CVE-2020-6413 Michał Bentkowski discovered an error in Blink/Webkit. CVE-2020-6414 Lijo A.T discovered a policy safe browsing policy enforcement error. CVE-2020-6415 Avihay Cohen discovered an implementation error in the v8 javascript library. CVE-2020-6416 Woojin Oh discovered that untrusted input was insufficiently validated. CVE-2020-6418 Clement Lecigne discovered a type error in the v8 javascript library. CVE-2020-6420 Taras Uzdenov discovered a policy enforcement error. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.132-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGPSIGNATURE-----iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl5oNcAACgkQmD40ZYkU ayh0Rh/+PrQfatkM3FrjJJww29+dsIOZ3S2MGR6mggmYcfN8VBIurnBoa/T48RpX PH0JtNNXmGFXgByL877ykk9cgWeFgnTYlxc5RICKup2qlcZrXugqhN029AtjlMwl Ynw2tbgyHEEh+aRg/tiMMMDYhDtQpnIpgKJ3L206F9KEpjxgnCAuLMbabwfgf4lX +5ErU+4LEhWBESkUJCEJA/OFCFfsfBVaz+H564PgsIh1OG/Sm4QL0DoYma3iN+KQ f/jFejdSFkiTNfZgRmcOU2dqvzf0qfY/iJWrma/RPiF8r5ta5Ew65qoodCxz1pB5 Q7A2c/4ckNYpe+RvafkHZ7TX13IHYOPTaG2lR/lCK0wyuTi1m6KceI6O9fR7mrii pV9cnTFFYFV2i/Hjq59LFlVh3gfBU9fiO2cps/SVVpCkenxvD372S8NCijBWd3we K1xmyhmR07zTircuY305T8Sj5qJ/Gb+V0uvhOPeBhkC1cTHUSf/oeU2r+L2fnl41 ctYUfXIfwG5aqr47Q5N+6WuxZMJW/eTHA765/5HhLysyXqw7/fUWrZDU6G6wS9Ij 2pxFzxl2NFHbAl7rBRyrOVfzIT6lAj5OJhqktwI5+8ZSqOO0c+ETkZekfMJXB/H9 +mX1FLAJtxpDKwpqNWt3ZW/vdWF2fnnHifE3BmrdvAv6aBklUWmRGJwBA8/8YTjD noxg4JZG58GNonsU641iwP0YR4ncI2o0Qq7+plPzm+iG4iiLBsL6+zRe1hAaS38Q TZioSM3QVsFPKcWQ9pn3xengFVGsMaDH/nAHUfxyD4y6VEvIfJGQsNm2CN9c9Sz1 2ZltQIwtKPe0N2iEA/edzIzINrAmg9g7JB9h2XAsSU+48NtkVZ8gk2nzu/oreRDR EWe8PNPkHfWDQMv31TcXmqrZfS3RjmoOzlJxOk4iuYnhkhUpv2N/IuhOrVUg0e1v kVZiRUpdJAh31dKEUNTlEkNH5aCWELhxlr6FJb1tLYqV8Cfg7rHxB9knTzdgz93d MTsN2Ig6J+bDsBi8HclE0gYLwCbdGx08bFth7Tyd/WbdAlhaZaoMfZkTWXm9rl3e ReLx4VEZh8fEAXnYU7EqPuWv2UiQBQYSD713+WCmSNCnM7uDkobCJ1CF961FcX7u BtnFsjE5F1F7bE+FP9zOHXd3fhYCJHkKcg+BTNxYn9ORMYQhhfK0ms5awNT4CyFX AeWQh5/szmJHowmgfgRmcVSkHNK02R984kvYnRd+oqJg6R+P8PSZWXTmS0X2RnU3 BdoniwUi2Qrtx++E5KtH+qFUEaKJTB5NYub87ZVGJ1wvsHxAQxCW1iOcrZ7KV+Ly Cf9ugJha6dD2cjM09JPVBrHMzJVKbA==Ho61 -----END PGP SIGNATURE----- . Update your Debian chromium software packages in light of numerous patches addressing vulnerabilities such as buffer overflows and security policy misconfigurations.. Debian Chromium Security Update, Browser Security Advisory, Policy Enforcement Errors. . Severity: Critical. LinuxSecurity.com Team
Mar 10, 2020
•Critical
Debian
Refine advisories
