what you don't know can hurt you

Debian Security Advisory 4562-1

Debian Security Advisory 4562-1
Posted Nov 11, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4562-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2019-13659, CVE-2019-13660, CVE-2019-13661, CVE-2019-13662, CVE-2019-13663, CVE-2019-13664, CVE-2019-13665, CVE-2019-13666, CVE-2019-13667, CVE-2019-13668, CVE-2019-13669, CVE-2019-13670, CVE-2019-13671, CVE-2019-13673, CVE-2019-13674, CVE-2019-13675, CVE-2019-13676, CVE-2019-13677, CVE-2019-13678, CVE-2019-13679, CVE-2019-13680, CVE-2019-13681, CVE-2019-13682, CVE-2019-13683, CVE-2019-13685, CVE-2019-13686
MD5 | 51e287808c40898ffae74b8b36159d0a

Debian Security Advisory 4562-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --------------------------------------------------------------------------
Debian Security Advisory DSA-4562-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
November 10, 2019 https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877
CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659
CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663
CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667
CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671
CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676
CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680
CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685
CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691
CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695
CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700
CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704
CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708
CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713
CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717
CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5869

Zhe Jin discovered a use-after-free issue.

CVE-2019-5870

Guang Gong discovered a use-after-free issue.

CVE-2019-5871

A buffer overflow issue was discovered in the skia library.

CVE-2019-5872

Zhe Jin discovered a use-after-free issue.

CVE-2019-5874

James Lee discovered an issue with external Uniform Resource Identifiers.

CVE-2019-5875

Khalil Zhani discovered a URL spoofing issue.

CVE-2019-5876

Man Yue Mo discovered a use-after-free issue.

CVE-2019-5877

Guang Gong discovered an out-of-bounds read issue.

CVE-2019-5878

Guang Gong discovered an use-after-free issue in the v8 javascript
library.

CVE-2019-5879

Jinseo Kim discover that extensions could read files on the local
system.

CVE-2019-5880

Jun Kokatsu discovered a way to bypass the SameSite cookie feature.

CVE-2019-13659

Lnyas Zhang discovered a URL spoofing issue.

CVE-2019-13660

Wenxu Wu discovered a user interface error in full screen mode.

CVE-2019-13661

Wenxu Wu discovered a user interface spoofing issue in full screen mode.

CVE-2019-13662

David Erceg discovered a way to bypass the Content Security Policy.

CVE-2019-13663

Lnyas Zhang discovered a way to spoof Internationalized Domain Names.

CVE-2019-13664

Thomas Shadwell discovered a way to bypass the SameSite cookie feature.

CVE-2019-13665

Jun Kokatsu discovered a way to bypass the multiple file download
protection feature.

CVE-2019-13666

Tom Van Goethem discovered an information leak.

CVE-2019-13667

Khalil Zhani discovered a URL spoofing issue.

CVE-2019-13668

David Erceg discovered an information leak.

CVE-2019-13669

Khalil Zhani discovered an authentication spoofing issue.

CVE-2019-13670

Guang Gong discovered a memory corruption issue in the v8 javascript
library.

CVE-2019-13671

xisigr discovered a user interface error.

CVE-2019-13673

David Erceg discovered an information leak.

CVE-2019-13674

Khalil Zhani discovered a way to spoof Internationalized Domain Names.

CVE-2019-13675

Jun Kokatsu discovered a way to disable extensions.

CVE-2019-13676

Wenxu Wu discovered an error in a certificate warning.

CVE-2019-13677

Jun Kokatsu discovered an error in the chrome web store.

CVE-2019-13678

Ronni Skansing discovered a spoofing issue in the download dialog window.

CVE-2019-13679

Conrad Irwin discovered that user activation was not required for
printing.

CVE-2019-13680

Thijs Alkamade discovered an IP address spoofing issue.

CVE-2019-13681

David Erceg discovered a way to bypass download restrictions.

CVE-2019-13682

Jun Kokatsu discovered a way to bypass the site isolation feature.

CVE-2019-13683

David Erceg discovered an information leak.

CVE-2019-13685

Khalil Zhani discovered a use-after-free issue.

CVE-2019-13686

Brendon discovered a use-after-free issue.

CVE-2019-13687

Man Yue Mo discovered a use-after-free issue.

CVE-2019-13688

Man Yue Mo discovered a use-after-free issue.

CVE-2019-13691

David Erceg discovered a user interface spoofing issue.

CVE-2019-13692

Jun Kokatsu discovered a way to bypass the Same Origin Policy.

CVE-2019-13693

Guang Gong discovered a use-after-free issue.

CVE-2019-13694

banananapenguin discovered a use-after-free issue.

CVE-2019-13695

Man Yue Mo discovered a use-after-free issue.

CVE-2019-13696

Guang Gong discovered a use-after-free issue in the v8 javascript library.

CVE-2019-13697

Luan Herrera discovered an information leak.

CVE-2019-13699

Man Yue Mo discovered a use-after-free issue.

CVE-2019-13700

Man Yue Mo discovered a buffer overflow issue.

CVE-2019-13701

David Erceg discovered a URL spoofing issue.

CVE-2019-13702

Phillip Langlois and Edward Torkington discovered a privilege escalation
issue in the installer.

CVE-2019-13703

Khalil Zhani discovered a URL spoofing issue.

CVE-2019-13704

Jun Kokatsu discovered a way to bypass the Content Security Policy.

CVE-2019-13705

Luan Herrera discovered a way to bypass extension permissions.

CVE-2019-13706

pdknsk discovered an out-of-bounds read issue in the pdfium library.

CVE-2019-13707

Andrea Palazzo discovered an information leak.

CVE-2019-13708

Khalil Zhani discovered an authentication spoofing issue.

CVE-2019-13709

Zhong Zhaochen discovered a way to bypass download restrictions.

CVE-2019-13710

bernardo.mrod discovered a way to bypass download restrictions.

CVE-2019-13711

David Erceg discovered an information leak.

CVE-2019-13713

David Erceg discovered an information leak.

CVE-2019-13714

Jun Kokatsu discovered an issue with Cascading Style Sheets.

CVE-2019-13715

xisigr discovered a URL spoofing issue.

CVE-2019-13716

Barron Hagerman discovered an error in the service worker implementation.

CVE-2019-13717

xisigr discovered a user interface spoofing issue.

CVE-2019-13718

Khalil Zhani discovered a way to spoof Internationalized Domain Names.

CVE-2019-13719

Khalil Zhani discovered a user interface spoofing issue.

CVE-2019-13720

Anton Ivanov and Alexey Kulaev discovered a use-after-free issue.

CVE-2019-13721

banananapenguin discovered a use-after-free issue in the pdfium library.

For the oldstable distribution (stretch), support for chromium has been
discontinued. Please upgrade to the stable release (buster) to continue
receiving chromium updates or switch to firefox, which continues to be
supported in the oldstable release.

For the stable distribution (buster), these problems have been fixed in
version 78.0.3904.97-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3IYPMACgkQEMKTtsN8
TjarCw//cLfuU3jwfGHyW0ZY/04XHbGZqtiXyzf8+g/TYg4EYB9YDKWjMMOVU7hP
U9K99gbo7WGFWDqOx25VpGRNqMUJiNh2Ay9KdbN/55W6vhQhr4Trg4g9FLhbNybq
aqP/F2ivY48sE+p6aMCN6sCYB8IY524vKSexnh45eepA5pqrK0vaNX9rWBOe8DRV
v65zbfidkCbgl8yOP4SQAixe3NUIHzAEV8+sXnnpLQY3IcSjEPwf0igYeIJyNbF6
UV1TmgTOY0/979Aas/K/03Gu+TCNSAOZdgXohXzdToNsFJkQB3n5qfI0bewZ1Lsg
GUAxgo6+72aEzim2XDWz3Vd+y3EuxpPzRRlE+lC+7GcBpjJtEXJEA3U0bJYHxfhH
+QbXDa3yfPSds7dSKOMwAPxwB+hwSqkyIlkuhlUnKlEaND+8Ndukd36/6Yk7loqQ
yNZOaPJNw5naaLUOrTGqI1BWeH7RZPvtYQdgQmoxSw9AQuhaYNKsfHiurcSnVPPt
xu2Kem4kMDraK6xJH5T6tKGGQF7/ih/+vtX6lkh05ZWBXDCeEYLPBVxkbWmb3EZ6
2PdHlmpxTIA8RJ3Nb3jc6eNksW7HpzMuKGcE52my/tEQCgBrUAHqUAtsYJNhbrF2
svfh2Zkhi/fbVhzk62Q1H0SiuvYoB/fa7aEwTulvJkbZB7eIbX8=6vq3
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close