Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

Ubuntu 15.04 USN-2610-1 Critical: Oxide Security Issues Overview

ubuntu
Calendar Grey May 21, 2015
Dist Ubuntu Esm H88
Several security flaws in Oxide have been reported and resolved in this Ubuntu security update, impacting various iterations of the operating system.
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

Several security issues were discovered in the DOM implementation in

Blink. If a user were tricked in to opening a specially crafted website,

an attacker could potentially exploit these to bypass Same Origin Policy

restrictions. (CVE-2015-1253, CVE-2015-1254)

A use-after-free was discovered in the WebAudio implementation in

Chromium. If a user were tricked in to opening a specially crafted

website, an attacker could potentially exploit this to cause a denial of

service via renderer crash, or execute arbitrary code with the privileges

of the sandboxed render process. (CVE-2015-1255)

A use-after-free was discovered in the SVG implementation in Blink. If a

user were tricked in to opening a specially crafted website, an attacker

could potentially exploit this to cause a denial of service via renderer

crash, or execute arbitrar...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  liboxideqtcore0                 1.7.8-0ubuntu0.15.04.1
  oxideqt-codecs                  1.7.8-0ubuntu0.15.04.1
  oxideqt-codecs-extra            1.7.8-0ubuntu0.15.04.1

Ubuntu 14.10:
  liboxideqtcore0                 1.7.8-0ubuntu0.14.10.1
  oxideqt-codecs                  1.7.8-0ubuntu0.14.10.1
  oxideqt-codecs-extra            1.7.8-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.7.8-0ubuntu0.14.04.1
  oxideqt-codecs                  1.7.8-0ubuntu0.14.04.1
  oxideqt-codecs-extra            1.7.8-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2610-1

CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256,

CVE-2015-1257, CVE-2015-1258, CVE-2015-1260, CVE-2015-1262,

CVE-2015-1265, CVE-2015-3910

Severity
critical
Lowest
Low
Medium
High
Critical

May 21, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.