Home Unlabelled USN-2495-1: Oxide vulnerabilities

USN-2495-1: Oxide vulnerabilities

By
Tuesday, February 10, 2015
Read
Add Comment

Ubuntu Security Notice USN-2495-1


10th February, 2015


oxide-qt vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.10

  • Ubuntu 14.04 LTS


Summary


Several security issues were fixed in Oxide.


Software description



  • oxide-qt - Web browser engine library for Qt (QML plugin)


Details


A use-after-free bug was discovered in the DOM implementation in Blink. If

a user were tricked in to opening a specially crafted website, an attacker

could potentially exploit this to cause a denial of service via renderer

crash or execute arbitrary code with the privileges of the sandboxed

render process. (CVE-2015-1209)


It was discovered that V8 did not properly consider frame access

restrictions when throwing exceptions in some circumstances. If a user

were tricked in to opening a specially crafted website, an attacker could

potentially exploit this to bypass same origin restrictions.

(CVE-2015-1210)


It was discovered that Chromium did not properly restrict the URI scheme

during ServiceWorker registration. If a user were tricked in to

downloading and opening a specially crafted HTML file, an attacker could

potentially exploit this to bypass security restrictions. (CVE-2015-1211)


Multiple security issues were discovered in Chromium. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to read uninitialized memory, cause a denial

of service via application crash or execute arbitrary code with the

privileges of the user invoking the program. (CVE-2015-1212)


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.10:

liboxideqtcore0 1.4.3-0ubuntu0.14.10.1

oxideqt-codecs 1.4.3-0ubuntu0.14.10.1

oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

liboxideqtcore0 1.4.3-0ubuntu0.14.04.1

oxideqt-codecs 1.4.3-0ubuntu0.14.04.1

oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212






from Ubuntu Security Notices http://bit.ly/1EW2YLV
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us