
Ubuntu 15.10 USN-2920-1: Serious Security Issues in Oxide Detected

Several security issues were fixed in Oxide.
=========================================================================
Ubuntu Security Notice USN-2920-1
March 10, 2016

oxide-qt vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine for Qt (QML plugin)

Details:

It was discovered that the ContainerNode::parserRemoveChild function in
Blink mishandled widget updates in some circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1630)

It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun
function in Chromium mishandled nested message loops. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1631)

Multiple use-after-frees were discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via renderer crash or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2016-1633, CVE-2016-1634, CVE-2016-1644)

It was discovered that the PendingScript::notifyFinished function in
Blink relied on memory-cache information about integrity-check occurrences
instead of integrity-check successes. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this to
bypass Subresource Integrity (SRI) protections. (CVE-2016-1636)

It was discovered that the SkATan2_255 function in Skia mishandled
arctangent calculations. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-1637)

A use-after-free was discovered in Chromium. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2016-1641)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1642)

A type-confusion bug was discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2016-1643)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-2843)

An invalid cast was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2016-2844)

It was discovered that the Content Security Policy (CSP) implementation in
Blink did not ignore a URL's path component in the case of a ServiceWorker
fetch. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-2845)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  liboxideqtcore0                 1.13.6-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.13.6-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2920-1
  CVE-2016-1630, CVE-2016-1631, CVE-2016-1633, CVE-2016-1634,
  CVE-2016-1636, CVE-2016-1637, CVE-2016-1641, CVE-2016-1642,
  CVE-2016-1643, CVE-2016-1644, CVE-2016-2843, CVE-2016-2844,
  CVE-2016-2845

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.13.6-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.13.6-0ubuntu0.14.04.1


Severity: important