Commit 17a023fe authored by Lev Lamberov's avatar Lev Lamberov

[SECURITY] [DSA 4395-1] chromium security update

parent 16d42027
<define-tag pagetitle>DSA-4395-1 chromium</define-tag>
<define-tag report_date>2019-2-18</define-tag>
<define-tag secrefs>CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784</define-tag>
<define-tag packages>chromium</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in the chromium web browser.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-17481">CVE-2018-17481</a>
<p>A use-after-free issue was discovered in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5754">CVE-2019-5754</a>
<p>Klzgrad discovered an error in the QUIC networking implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5755">CVE-2019-5755</a>
<p>Jay Bosamiya discovered an implementation error in the v8 javascript
library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5756">CVE-2019-5756</a>
<p>A use-after-free issue was discovered in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5757">CVE-2019-5757</a>
<p>Alexandru Pitis discovered a type confusion error in the SVG image
format implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5758">CVE-2019-5758</a>
<p>Zhe Jin discovered a use-after-free issue in blink/webkit.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5759">CVE-2019-5759</a>
<p>Almog Benin discovered a use-after-free issue when handling HTML pages
containing select elements.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5760">CVE-2019-5760</a>
<p>Zhe Jin discovered a use-after-free issue in the WebRTC implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5762">CVE-2019-5762</a>
<p>A use-after-free issue was discovered in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5763">CVE-2019-5763</a>
<p>Guang Gon discovered an input validation error in the v8 javascript
library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5764">CVE-2019-5764</a>
<p>Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5765">CVE-2019-5765</a>
<p>Sergey Toshin discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5766">CVE-2019-5766</a>
<p>David Erceg discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5767">CVE-2019-5767</a>
<p>Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error
in the WebAPKs user interface.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5768">CVE-2019-5768</a>
<p>Rob Wu discovered a policy enforcement error in the developer tools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5769">CVE-2019-5769</a>
<p>Guy Eshel discovered an input validation error in blink/webkit.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5770">CVE-2019-5770</a>
<p>hemidallt discovered a buffer overflow issue in the WebGL implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5772">CVE-2019-5772</a>
<p>Zhen Zhou discovered a use-after-free issue in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5773">CVE-2019-5773</a>
<p>Yongke Wong discovered an input validation error in the IndexDB
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5774">CVE-2019-5774</a>
<p>Jnghwan Kang and Juno Im discovered an input validation error in the
SafeBrowsing implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5775">CVE-2019-5775</a>
<p>evil1m0 discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5776">CVE-2019-5776</a>
<p>Lnyas Zhang discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5777">CVE-2019-5777</a>
<p>Khalil Zhani discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5778">CVE-2019-5778</a>
<p>David Erceg discovered a policy enforcement error in the Extensions
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5779">CVE-2019-5779</a>
<p>David Erceg discovered a policy enforcement error in the ServiceWorker
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5780">CVE-2019-5780</a>
<p>Andreas Hegenberg discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5781">CVE-2019-5781</a>
<p>evil1m0 discovered a policy enforcement error.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5782">CVE-2019-5782</a>
<p>Qixun Zhao discovered an implementation error in the v8 javascript library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5783">CVE-2019-5783</a>
<p>Shintaro Kobori discovered an input validation error in the developer
tools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-5784">CVE-2019-5784</a>
<p>Lucas Pinheiro discovered an implementation error in the v8 javascript
library.</p></li>
</ul>
<p>For the stable distribution (stretch), these problems have been fixed in
version 72.0.3626.96-1~deb9u1.</p>
<p>We recommend that you upgrade your chromium packages.</p>
<p>For the detailed security status of chromium please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/chromium">\
https://security-tracker.debian.org/tracker/chromium</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2019/dsa-4395.data"
# $Id: $
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment