데비안 보안 권고

DSA-4395-1 chromium -- 보안 업데이트

보고일:
2019년 02월 18일
영향 받는 패키지:
chromium
위험성:
보안 데이터베이스 참조:
Mitre의 CVE 사전: CVE-2018-17481, CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781, CVE-2019-5782, CVE-2019-5783, CVE-2019-5784.
추가 정보:

여러 취약점을 chromium 웹 브라우저에서 발견했습니다.

  • CVE-2018-17481

    A use-after-free issue was discovered in the pdfium library.

  • CVE-2019-5754

    Klzgrad discovered an error in the QUIC networking implementation.

  • CVE-2019-5755

    Jay Bosamiya discovered an implementation error in the v8 javascript library.

  • CVE-2019-5756

    A use-after-free issue was discovered in the pdfium library.

  • CVE-2019-5757

    Alexandru Pitis discovered a type confusion error in the SVG image format implementation.

  • CVE-2019-5758

    Zhe Jin discovered a use-after-free issue in blink/webkit.

  • CVE-2019-5759

    Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements.

  • CVE-2019-5760

    Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

  • CVE-2019-5762

    A use-after-free issue was discovered in the pdfium library.

  • CVE-2019-5763

    Guang Gon discovered an input validation error in the v8 javascript library.

  • CVE-2019-5764

    Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

  • CVE-2019-5765

    Sergey Toshin discovered a policy enforcement error.

  • CVE-2019-5766

    David Erceg discovered a policy enforcement error.

  • CVE-2019-5767

    Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface.

  • CVE-2019-5768

    Rob Wu discovered a policy enforcement error in the developer tools.

  • CVE-2019-5769

    Guy Eshel discovered an input validation error in blink/webkit.

  • CVE-2019-5770

    hemidallt discovered a buffer overflow issue in the WebGL implementation.

  • CVE-2019-5772

    Zhen Zhou discovered a use-after-free issue in the pdfium library.

  • CVE-2019-5773

    Yongke Wong discovered an input validation error in the IndexDB implementation.

  • CVE-2019-5774

    Junghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation.

  • CVE-2019-5775

    evil1m0 discovered a policy enforcement error.

  • CVE-2019-5776

    Lnyas Zhang discovered a policy enforcement error.

  • CVE-2019-5777

    Khalil Zhani discovered a policy enforcement error.

  • CVE-2019-5778

    David Erceg discovered a policy enforcement error in the Extensions implementation.

  • CVE-2019-5779

    David Erceg discovered a policy enforcement error in the ServiceWorker implementation.

  • CVE-2019-5780

    Andreas Hegenberg discovered a policy enforcement error.

  • CVE-2019-5781

    evil1m0 discovered a policy enforcement error.

  • CVE-2019-5782

    Qixun Zhao discovered an implementation error in the v8 javascript library.

  • CVE-2019-5783

    Shintaro Kobori discovered an input validation error in the developer tools.

  • CVE-2019-5784

    Lucas Pinheiro discovered an implementation error in the v8 javascript library.

안정 배포(stretch)에서, 이 문제를 버전 72.0.3626.96-1~deb9u1에서 고쳤습니다.

chromium 패키지를 업그레이드 하는 게 좋습니다.

chromium의 자세한 보안 상태는 보안 추적 페이지 참조:: https://security-tracker.debian.org/tracker/chromium