lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 31 Mar 2019 15:40:14 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4421-1] chromium security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4421-1                   security@...ian.org
https://www.debian.org/security/                          Michael Gilbert
March 31, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
                 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
                 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
                 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5787

    Zhe Jin discovered a use-after-free issue.

CVE-2019-5788

    Mark Brand discovered a use-after-free issue in the in the FileAPI
    implementation.

CVE-2019-5789

    Mark Brand discovered a use-after-free issue in the in the WebMIDI
    implementation.

CVE-2019-5790

    Dimitri Fourny discovered a buffer overflow issue in the v8 javascript
    library.

CVE-2019-5791

    Choongwoo Han discovered a type confusion issue in the v8 javascript
    library.

CVE-2019-5792

    pdknsk discovered an integer overflow issue in the pdfium library.

CVE-2019-5793

    Jun Kokatsu discovered a permissions issue in the Extensions
    implementation.

CVE-2019-5794

    Juno Im of Theori discovered a user interface spoofing issue.

CVE-2019-5795

    pdknsk discovered an integer overflow issue in the pdfium library.

CVE-2019-5796

    Mark Brand discovered a race condition in the Extensions implementation.

CVE-2019-5797

    Mark Brand discovered a race condition in the DOMStorage implementation.

CVE-2019-5798

    Tran Tien Hung disoceved an out-of-bounds read issue in the skia library.

CVE-2019-5799

    sohalt discovered a way to bypass the Content Security Policy.

CVE-2019-5800

    Jun Kokatsu discovered a way to bypass the Content Security Policy.

CVE-2019-5802

    Ronni Skansing discovered a user interface spoofing issue.

CVE-2019-5803

    Andrew Comminos discovered a way to bypass the Content Security Policy.

For the stable distribution (stretch), these problems have been fixed in
version 73.0.3683.75-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlyhFtQACgkQuNayzQLW
9HObTx//fcUdPrGy1LSyubHBOocVFnh0BDaljGywbCWCEThuXDoCJM24d41+tscd
MH3/Ule85bBm5c7wJiURgWXvNjUUeWvAafnCkXiwGvzpx6/U3DDnp1Af/CTMBT8k
6QTmhuzEqFt5Nf3UCXrfdR8I4ZZiwdE+7znS1P/3IPxjSyT9AOTcbOJzGm94Ig+I
t0Lvvcb8dcA0h9ETsvau5lXoLpsLkEzl8rGZlaof1uWZIbyEm+xxC6QcteooTsZd
oo30EgYeAlBsndkapzbVhQZD/SgmNvgIspMXrFP6rA5rNuFAJi5W92eApr5EKpLY
O5mISCYY5naCUhE/QDWPoaUyFiOV0D5mycIuieYLBFT0LjU41xjSuuh1M3KV49Er
fBeENaC1D9pehKQOH5aoa0ug0uzxyjzhOuBFQp/lMsuYlIWzD+HCo7EyPXFK13j+
2pIoUKqi8/CymSD8qj/LPmcFWKMNuR47CHUb2FVvQeyrAzRKAPJeB616xetYFSEW
23zzLdt09DhGitRhzGpSNj08Ata/uTcHfWgZdYPEeKNituVa0PrFvZ1V3Ki6WeeY
ulMoeW/GWTcfhcpauv84BXpy0oPFXCDYxYRgdxBtVtBbc35JZ39aJvmrdOOUIlff
mPaadmoe2Jp0GQZY24gmb2AX4y7bRD+gR1jvISsXr0749N+GvRmZBgiP7LfodCp4
chlw4GKtyhE8ZwdihPwt7q/7DNV/vfhiEmysdhkYq6NSicYlVBZ39qjv0e3pBXOm
bksuk/yRGvdPxQWdJ2OWuQY9DFxaLJduhNg6JLftMdCYSNtY6J8q/N5qm1oAGEqV
Pf3MB72OePHGL6aOyYeOI46q2il881gFp8HDeQYVpVQh14/YFAvXf8l77jb+7701
ZERMSzHkadybixmQW9VK0cEgXV9qrO+VwSQ+wz7c6UClTskPKT/+cVIfr4sfpIBh
AQ2u8TAIt2gxFbJv+T8y1gvGQaglR93W+WVYocBnw6MdBV5xdecnrj6KwzeGB7f0
/1T7c1Fv2+xE3OZRiQdXM1CFwh4YtjYsJwB4inYArR8ud9b/RQ2j1AFzX+pqzRjS
SIdY/AHcMV1gOvtJ8rUrl2WleIaX+GYblskZLqxx0lwpJ0Q+i9lSeRBD1oeHcHXm
cLOrbzKeYeIm7tAWQgV29Rg1Elm4gjQTjFWT49TmZ+FVjTjrupkNsskYfkqe/Xzt
geEUj0uAyz3lotRSUL/x5cIsKqAybTREUMjN9NHUuOQTvshUv1ltP92p3QENfhlg
OtS+ICE2LzR1DfpgvC40ZbM1Vb+ydy9aOrCG9+O968vBIzHO5J8zgvANnzevy8Ml
oVASke41lHKH0wFa2CMi1c/UNAJL0g==
=DdTh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists