Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 14.04 LTS & 14.10 USN-2521-1 Moderate: Oxide Out-Of-Bounds Issues

ubuntu
Calendar Grey March 10, 2015
Dist Ubuntu Esm H88
Various vulnerabilities addressed in Oxide for Ubuntu, including risks for Denial of Service and unexpected application terminations.
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

Several out-of-bounds write bugs were discovered in Skia. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to cause a denial of service via application

crash or execute arbitrary code with the privileges of the user invoking

the program. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215)

A use-after-free was discovered in the V8 bindings in Blink. If a user

were tricked in to opening a specially crafted website, an attacker could

potentially exploit this to cause a denial of service via renderer crash,

or execute arbitrary code with the privileges of the sandboxed render

process. (CVE-2015-1216)

Multiple type confusion bugs were discovered in the V8 bindings in Blink.

If a user were tricked in to opening a specially crafted website, an

attacker could potentially explo...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  liboxideqtcore0                 1.5.5-0ubuntu0.14.10.2
  oxideqt-chromedriver            1.5.5-0ubuntu0.14.10.2
  oxideqt-codecs                  1.5.5-0ubuntu0.14.10.2
  oxideqt-codecs-extra            1.5.5-0ubuntu0.14.10.2

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.5.5-0ubuntu0.14.04.3
  oxideqt-chromedriver            1.5.5-0ubuntu0.14.04.3
  oxideqt-codecs                  1.5.5-0ubuntu0.14.04.3
  oxideqt-codecs-extra            1.5.5-0ubuntu0.14.04.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2521-1

CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,

CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220,

CVE-2015-1221, CVE-2015-1222, CVE-2015-1223, CVE-2015-1224,

CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230,

CVE-2015-1231, CVE-2015-2238

Severity
important
Lowest
Low
Medium
High
Critical

March 10, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.