Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu 14.10 & 14.04 LTS USN-2410-1 Moderate: Oxide Buffer Overflow

ubuntu
Calendar Grey November 19, 2014
Scroller Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

A buffer overflow was discovered in Skia. If a user were tricked in to

opening a specially crafted website, an attacked could potentially exploit

this to cause a denial of service via renderer crash or execute arbitrary

code with the privileges of the sandboxed render process. (CVE-2014-7904)

Multiple use-after-frees were discovered in Blink. If a user were tricked

in to opening a specially crafted website, an attacked could potentially

exploit these to cause a denial of service via renderer crash or execute

arbitrary code with the privileges of the sandboxed render process.

(CVE-2014-7907)

An integer overflow was discovered in media. If a user were tricked in to

opening a specially crafted website, an attacked could potentially exploit

this to cause a denial of service via renderer crash or execute arbitrary

code with the...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  liboxideqtcore0                 1.3.4-0ubuntu0.14.10.1
  oxideqt-codecs                  1.3.4-0ubuntu0.14.10.1
  oxideqt-codecs-extra            1.3.4-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.3.4-0ubuntu0.14.04.1
  oxideqt-codecs                  1.3.4-0ubuntu0.14.04.1
  oxideqt-codecs-extra            1.3.4-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7904, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909,

CVE-2014-7910

November 19, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.