===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0213
                         chromium security update
                              21 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6380 CVE-2020-6379 CVE-2020-6378
                   CVE-2020-6377 CVE-2019-13767 CVE-2019-13764
                   CVE-2019-13763 CVE-2019-13762 CVE-2019-13761
                   CVE-2019-13759 CVE-2019-13758 CVE-2019-13757
                   CVE-2019-13756 CVE-2019-13755 CVE-2019-13754
                   CVE-2019-13753 CVE-2019-13752 CVE-2019-13751
                   CVE-2019-13750 CVE-2019-13749 CVE-2019-13748
                   CVE-2019-13747 CVE-2019-13746 CVE-2019-13745
                   CVE-2019-13744 CVE-2019-13743 CVE-2019-13742
                   CVE-2019-13741 CVE-2019-13740 CVE-2019-13739
                   CVE-2019-13738 CVE-2019-13737 CVE-2019-13736
                   CVE-2019-13735 CVE-2019-13734 CVE-2019-13732
                   CVE-2019-13730 CVE-2019-13729 CVE-2019-13728
                   CVE-2019-13727 CVE-2019-13726 CVE-2019-13725
                   CVE-2019-1376 CVE-2019-1375 CVE-2019-1374
                   CVE-2019-1373 CVE-2019-1372

Reference:         ESB-2020.0134
                   ESB-2020.0042
                   ASB-2020.0032

Original Bulletin:
   http://www.debian.org/security/2020/dsa-4606

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4606-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
January 20, 2020                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727
                 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730
                 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735
                 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
                 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741
                 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744
                 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747
                 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750
                 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753
                 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756
                 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759
                 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
                 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377
                 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-13725

    Gengming Liu and Jianyu Chen discovered a use-after-free issue in the
    bluetooth implementation.

CVE-2019-13726

    Sergei Lazunov discovered a buffer overflow issue.

CVE-2019-13727

    @piochu discovered a policy enforcement error.

CVE-2019-13728

    Rong Jian and Guang Gong discovered an out-of-bounds write error in the
    v8 javascript library.

CVE-2019-13729

    Zhe Jin discovered a use-after-free issue.

CVE-2019-13730

    Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
    javascript library.

CVE-2019-13732

    Sergei Glazunov discovered a use-after-free issue in the WebAudio
    implementation.

CVE-2019-13734

    Wenxiang Qian discovered an out-of-bounds write issue in the sqlite
    library.

CVE-2019-13735

    Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the
    v8 javascript library.

CVE-2019-13736

    An integer overflow issue was discovered in the pdfium library.

CVE-2019-13737

    Mark Amery discovered a policy enforcement error.

CVE-2019-13738

    Johnathan Norman and Daniel Clark discovered a policy enforcement error.

CVE-2019-13739

    xisigr discovered a user interface error.

CVE-2019-13740

    Khalil Zhani discovered a user interface error.

CVE-2019-13741

    Michał Bentkowski discovered that user input could be incompletely
    validated.

CVE-2019-13742

    Khalil Zhani discovered a user interface error.

CVE-2019-13743

    Zhiyang Zeng discovered a user interface error.

CVE-2019-13744

    Prakash discovered a policy enforcement error.

CVE-2019-13745

    Luan Herrera discovered a policy enforcement error.

CVE-2019-13746

    David Erceg discovered a policy enforcement error.

CVE-2019-13747

    Ivan Popelyshev and Andrea Bonatti discovered an uninitialized value.

CVE-2019-13748

    David Erceg discovered a policy enforcement error.

CVE-2019-13749

    Khalil Zhani discovered a user interface error.

CVE-2019-13750

    Wenxiang Qian discovered insufficient validation of data in the sqlite
    library.

CVE-2019-13751

    Wenxiang Qian discovered an uninitialized value in the sqlite library.

CVE-2019-13752

    Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
    library.

CVE-2019-13753

    Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
    library.

CVE-2019-13754

    Cody Crews discovered a policy enforcement error.

CVE-2019-13755

    Masato Kinugawa discovered a policy enforcement error.

CVE-2019-13756

    Khalil Zhani discovered a user interface error.

CVE-2019-13757

    Khalil Zhani discovered a user interface error.

CVE-2019-13758

    Khalil Zhani discovered a policy enforcement error.

CVE-2019-13759

    Wenxu Wu discovered a user interface error.

CVE-2019-13761

    Khalil Zhani discovered a user interface error.

CVE-2019-13762

    csanuragjain discovered a policy enforcement error.

CVE-2019-13763

    weiwangpp93 discovered a policy enforcement error.

CVE-2019-13764

    Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
    javascript library.

CVE-2019-13767

    Sergei Glazunov discovered a use-after-free issue.

CVE-2020-6377

    Zhe Jin discovered a use-after-free issue.

CVE-2020-6378

    Antti Levomäki and Christian Jalio discovered a use-after-free issue.

CVE-2020-6379

    Guang Gong discovered a use-after-free issue.

CVE-2020-6380

    Sergei Glazunov discovered an error verifying extension messages.

For the oldstable distribution (stretch), security support for chromium has
been discontinued.

For the stable distribution (buster), these problems have been fixed in
version 79.0.3945.130-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================