Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Ubuntu 15.04 USN-2582-1 Critical Oxide Denial of Service

ubuntu
Calendar Grey May 6, 2015
Dist Ubuntu Esm H88
Remedies for Oxide security flaws in Ubuntu versions 14.04, 14.10, and 15.04 are outlined along with steps for applying updates.
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

A use-after-free was discovered in the DOM implementation in Blink. If a

user were tricked in to opening a specially crafted website, an attacker

could potentially exploit this to cause a denial of service via renderer

crash, or execute arbitrary code with the privileges of the sandboxed

render process. (CVE-2015-1243)

Multiple security issues were discovered in Chromium. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to read uninitialized memory, cause a denial

of service via application crash or execute arbitrary code with the

privileges of the user invoking the program. (CVE-2015-1250)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  liboxideqtcore0                 1.6.6-0ubuntu0.15.04.1

Ubuntu 14.10:
  liboxideqtcore0                 1.6.6-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.6.6-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2582-1

CVE-2015-1243, CVE-2015-1250

Severity
critical
Lowest
Low
Medium
High
Critical

May 06, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.