Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4714-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertJuly 01, 2020 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831Several vulnerabilities have been discovered in the chromium web browser.CVE-2020-6423 A use-after-free issue was found in the audio implementation.CVE-2020-6430 Avihay Cohen discovered a type confusion issue in the v8 javascript library.CVE-2020-6431 Luan Herrera discovered a policy enforcement error.CVE-2020-6432 Luan Herrera discovered a policy enforcement error.CVE-2020-6433 Luan Herrera discovered a policy enforcement error in extensions.CVE-2020-6434 HyungSeok Han discovered a use-after-free issue in the developer tools.CVE-2020-6435 Sergei Glazunov discovered a policy enforcement error in extensions.CVE-2020-6436 Igor Bukanov discovered a use-after-free issue.CVE-2020-6437 Jann Horn discovered an implementation error in WebView.CVE-2020-6438 Ng Yik Phang discovered a policy enforcement error in extensions.CVE-2020-6439 remkoboonstra discovered a policy enforcement error.CVE-2020-6440 David Erceg discovered an implementation error in extensions.CVE-2020-6441 David Erceg discovered a policy enforcement error.CVE-2020-6442 B@rMey discovered an implementation error in the page cache.CVE-2020-6443 @lovasoa discovered an implementation error in the developer tools.CVE-2020-6444 mlfbrown discovered an uninitialized variable in the WebRTC implementation.CVE-2020-6445 Jun Kokatsu discovered a policy enforcement error.CVE-2020-6446 Jun Kokatsu discovered a policy enforcement error.CVE-2020-6447 David Erceg discovered an implementation error in the developer tools.CVE-2020-6448 Guang Gong discovered a use-after-free issue in the v8 javascript library.CVE-2020-6454 Leecraso and Guang Gong discovered a use-after-free issue in extensions.CVE-2020-6455 Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation.CVE-2020-6456 Michał Bentkowski discovered insufficient validation of untrusted input.CVE-2020-6457 Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer.CVE-2020-6458 Aleksandar Nikolic discoved an out-of-bounds read and write issue in the pdfium library.CVE-2020-6459 Zhe Jin discovered a use-after-free issue in the payments implementation.CVE-2020-6460 It was discovered that URL formatting was insufficiently validated.CVE-2020-6461 Zhe Jin discovered a use-after-free issue.CVE-2020-6462 Zhe Jin discovered a use-after-free issue in task scheduling.CVE-2020-6463 Pawel Wylecial discovered a use-after-free issue in the ANGLE library.CVE-2020-6464 Looben Yang discovered a type confusion issue in Blink/Webkit.CVE-2020-6465 Woojin Oh discovered a use-after-free issue.CVE-2020-6466 Zhe Jin discovered a use-after-free issue.CVE-2020-6467 ZhanJia Song discovered a use-after-free issue in the WebRTC implementation.CVE-2020-6468 Chris Salls and Jake Corina discovered a type confusion issue in the v8 javascript library.CVE-2020-6469 David Erceg discovered a policy enforcement error in the developer tools.CVE-2020-6470 Michał Bentkowski discovered insufficient validation of untrusted input.CVE-2020-6471 David Erceg discovered a policy enforcement error in the developer tools.CVE-2020-6472 David Erceg discovered a policy enforcement error in the developer tools.CVE-2020-6473 Soroush Karami and Panagiotis Ilia discovered a policy enforcement error in Blink/Webkit.CVE-2020-6474 Zhe Jin discovered a use-after-free issue in Blink/Webkit.CVE-2020-6475 Khalil Zhani discovered a user interface error.CVE-2020-6476 Alexandre Le Borgne discovered a policy enforcement error.CVE-2020-6478 Khalil Zhani discovered an implementation error in full screen mode.CVE-2020-6479 Zhong Zhaochen discovered an implementation error.CVE-2020-6480 Marvin Witt discovered a policy enforcement error.CVE-2020-6481 Rayyan Bijoora discovered a policy enforcement error.CVE-2020-6482 Abdulrahman Alqabandi discovered a policy enforcement error in the developer tools.CVE-2020-6483 Jun Kokatsu discovered a policy enforcement error in payments.CVE-2020-6484 Artem Zinenko discovered insufficient validation of user data in the ChromeDriver implementation.CVE-2020-6485 Sergei Glazunov discovered a policy enforcement error.CVE-2020-6486 David Erceg discovered a policy enforcement error.CVE-2020-6487 Jun Kokatsu discovered a policy enforcement error.CVE-2020-6488 David Erceg discovered a policy enforcement error.CVE-2020-6489 @lovasoa discovered an implementation error in the developer tools.CVE-2020-6490 Insufficient validation of untrusted data was discovered.CVE-2020-6491 Sultan Haikal discovered a user interface error.CVE-2020-6493 A use-after-free issue was discovered in the WebAuthentication implementation.CVE-2020-6494 Juho Nurimen discovered a user interface error.CVE-2020-6495 David Erceg discovered a policy enforcement error in the developer tools.CVE-2020-6496 Khalil Zhani discovered a use-after-free issue in payments.CVE-2020-6497 Rayyan Bijoora discovered a policy enforcement issue.CVE-2020-6498 Rayyan Bijoora discovered a user interface error.CVE-2020-6505 Khalil Zhani discovered a use-after-free issue.CVE-2020-6506 Alesandro Ortiz discovered a policy enforcement error.CVE-2020-6507 Sergei Glazunov discovered an out-of-bounds write issue in the v8 javascript library.CVE-2020-6509 A use-after-free issue was discovered in extensions.CVE-2020-6831 Natalie Silvanovich discovered a buffer overflow issue in the SCTP library.For the oldstable distribution (stretch), security support for chromiumhas been discontinued.For the stable distribution (buster), these problems have been fixed inversion 83.0.4103.116-1~deb10u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl79PrwACgkQmD40ZYkUayj+4yAAlij5zApfa++eXf4kRR0DaDUSLH20zppWCPo4Qj3MPsQFJ3F7onHl/aYSQATCCzF+ZcA7c6Dw2k4fLv/+UNhI6FS1uioddeF8NWDantMu1xVxBsesGJTUiJk8OatCzBXdhSF4Zr8VCNW6YsIoj2DKEY6e1bzjMxhzEWYzRDcX9pHbUZHX92b34A2MVlnLdlPhfheiHxwlo6oaIGyDIZfjmCqTmlgv8RsxgGXn6OhfqL0MIMeirZLW6qJOPr/b2R35gN2jZkKvpJ/7m4rplwdN814Eo0dzkHXyry9VlhtRCxswYGfOkwDcZ6C4/cESMESZime1B1Vq+Y1Ip9OhPj6hFY8zdwm56WNJPIHx97SH4dMfzNWpqGv+1dKN6gQFUPeM0eTJr5wLb4lZJDx7DA3ioXbotmN/bb9PnIRI6pSVVZ2jXp6QRLpO0UmLAkc/JkyMy3woVRkdy1tRN64YnvLeJZGUpL4aPykvkS6tgv5Kh9HD04B7BOHQl0HOz3CAPdwA0rE2wXF0oHgDMgdf6GucfV5xIUHUDdpqpFmQWRHGjaKvD25CVn35FXmf/YSs8VAK+EGqvXbhWhs6rxLaZ2DxmhCMyQ6RxnQ8BtAtvdGQ/r9h+yUzUJK3+NOo8M67ADHz/bN2Iw4yQ57Bscq0bG6JlQ/2xEhu17cer2nw2X3cklckI6GaoRCIl/+M6JHsTqQ1vNKlcLB8rwpJY2APfJHWR2el07VrCsk6h/Ojn0E9aSAhQiyaEoy3Eh1EGafVuMPEgy2AzAOIhG6F1Kglt+S9SlaGFo0VDU00E4Fs0o/h1Wlu3/Goorpfz1qjZKvodZ1lDWbb2fhVMGOX3kTSHIWwnDoYv7zZXLvPSmMr7+TpVLLu4RrYPzBhaFYoS3MMtYt7ZkVUufidT7dYb+E5QMjx2h7V2lQ6AaLAbLR9sjfpjqYQ+LNbhoMYo4USMVT5c9Gw9v3jLPwD2N9K7stngpAISMyAEdXNwUMcGCaqhAiU3mo4s7/kFkKugyMANHt8oAsR6FZr9TNNrV4GX5HSsMpaYQIEMtyfi27UHlnEFEMteTjLi2aaK9Qg5LSXqSqArjx4uzPL/YQx1bbm58NkQsJ6eNSYw3U1OFnEr5xhygFeb8qZ4HYuGc/Yzq29j63tAshrWOu10I6DpZ8CjfI8VAv6xRkocW1oX9upEAP4E65iBzQiPbTQUZOexcktiXd0dR4zHwfnzYpaVO+0hqf2z8NbkHZ3J9/3xrwmFqz0fKeLvBlMCnFIJo3elayNuVnWN49zfreVQEE+NWjbEq2ScPygfYDrxc+nR6tZevlgLFvFTM3K2IwUMb8gnAS9wcrW+6H7AjxgM4bKEC0Uy/7gThkVDw===15jh-----END PGP SIGNATURE-----