주의: 이 번역은 원문보다 오래되었습니다.

데비안 보안 권고

DSA-4638-1 chromium -- 보안 업데이트

보고일:
2020년 03월 10일
영향 받는 패키지:
chromium
위험성:
보안 데이터베이스 참조:
Mitre의 CVE 사전: CVE-2019-19880, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6383, CVE-2020-6384, CVE-2020-6385, CVE-2020-6386, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406, CVE-2020-6407, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416, CVE-2020-6418, CVE-2020-6420.
추가 정보:

여러 취약점을 chromium 웹 브라우저에서 발견.

  • CVE-2019-19880

    Richard Lorenz discovered an issue in the sqlite library.

  • CVE-2019-19923

    Richard Lorenz discovered an out-of-bounds read issue in the sqlite library.

  • CVE-2019-19925

    Richard Lorenz discovered an issue in the sqlite library.

  • CVE-2019-19926

    Richard Lorenz discovered an implementation error in the sqlite library.

  • CVE-2020-6381

    UK's National Cyber Security Centre discovered an integer overflow issue in the v8 javascript library.

  • CVE-2020-6382

    Soyeon Park and Wen Xu discovered a type error in the v8 javascript library.

  • CVE-2020-6383

    Sergei Glazunov discovered a type error in the v8 javascript library.

  • CVE-2020-6384

    David Manoucheri discovered a use-after-free issue in WebAudio.

  • CVE-2020-6385

    Sergei Glazunov discovered a policy enforcement error.

  • CVE-2020-6386

    Zhe Jin discovered a use-after-free issue in speech processing.

  • CVE-2020-6387

    Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.

  • CVE-2020-6388

    Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation.

  • CVE-2020-6389

    Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation.

  • CVE-2020-6390

    Sergei Glazunov discovered an out-of-bounds read error.

  • CVE-2020-6391

    Michał Bentkowski discoverd that untrusted input was insufficiently validated.

  • CVE-2020-6392

    The Microsoft Edge Team discovered a policy enforcement error.

  • CVE-2020-6393

    Mark Amery discovered a policy enforcement error.

  • CVE-2020-6394

    Phil Freo discovered a policy enforcement error.

  • CVE-2020-6395

    Pierre Langlois discovered an out-of-bounds read error in the v8 javascript library.

  • CVE-2020-6396

    William Luc Ritchie discovered an error in the skia library.

  • CVE-2020-6397

    Khalil Zhani discovered a user interface error.

  • CVE-2020-6398

    pdknsk discovered an uninitialized variable in the pdfium library.

  • CVE-2020-6399

    Luan Herrera discovered a policy enforcement error.

  • CVE-2020-6400

    Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.

  • CVE-2020-6401

    Tzachy Horesh discovered that user input was insufficiently validated.

  • CVE-2020-6402

    Vladimir Metnew discovered a policy enforcement error.

  • CVE-2020-6403

    Khalil Zhani discovered a user interface error.

  • CVE-2020-6404

    kanchi discovered an error in Blink/Webkit.

  • CVE-2020-6405

    Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library.

  • CVE-2020-6406

    Sergei Glazunov discovered a use-after-free issue.

  • CVE-2020-6407

    Sergei Glazunov discovered an out-of-bounds read error.

  • CVE-2020-6408

    Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing.

  • CVE-2020-6409

    Divagar S and Bharathi V discovered an error in the omnibox implementation.

  • CVE-2020-6410

    evil1m0 discovered a policy enforcement error.

  • CVE-2020-6411

    Khalil Zhani discovered that user input was insufficiently validated.

  • CVE-2020-6412

    Zihan Zheng discovered that user input was insufficiently validated.

  • CVE-2020-6413

    Michał Bentkowski discovered an error in Blink/Webkit.

  • CVE-2020-6414

    Lijo A.T discovered a policy safe browsing policy enforcement error.

  • CVE-2020-6415

    Avihay Cohen discovered an implementation error in the v8 javascript library.

  • CVE-2020-6416

    Woojin Oh discovered that untrusted input was insufficiently validated.

  • CVE-2020-6418

    Clement Lecigne discovered a type error in the v8 javascript library.

  • CVE-2020-6420

    Taras Uzdenov discovered a policy enforcement error.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

안정(buster)배포에서, 이 문제를 버전 80.0.3987.132-1~deb10u1에서 고침.

chromium 패키지를 업그레이드 하는 게 좋음.

chromium의 자세한 보안 상태는 보안 추적 페이지 참조: https://security-tracker.debian.org/tracker/chromium