Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 14.04 & 15.04 LTS Oxide Advisory: Multiple Threats Detected

ubuntu
Calendar Grey August 4, 2015
Scroller Ubuntu
Several vulnerabilities addressed in Oxide impacting Ubuntu 15.04 and 14.04 LTS. Keep informed for improved protection.
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

An uninitialized value issue was discovered in ICU. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit this to cause a denial of service. (CVE-2015-1270)

A use-after-free was discovered in the GPU process implementation in

Chromium. If a user were tricked in to opening a specially crafted

website, an attacker could potentially exploit this to cause a denial of

service via application crash, or execute arbitrary code with the

privileges of the user invoking the program. (CVE-2015-1272)

A use-after-free was discovered in the IndexedDB implementation in

Chromium. If a user were tricked in to opening a specially crafted

website, an attacker could potentially exploit this to cause a denial of

service via application crash, or execute arbitrary code with the

privileges of the ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  liboxideqtcore0                 1.8.4-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.8.4-0ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1270, CVE-2015-1272, CVE-2015-1276, CVE-2015-1277,

CVE-2015-1280, CVE-2015-1281, CVE-2015-1283, CVE-2015-1284,

CVE-2015-1285, CVE-2015-1287, CVE-2015-1289, CVE-2015-1329,

CVE-2015-5605,

Severity
critical
Lowest
Low
Medium
High
Critical

August 04, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.