Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 16.10, 16.04, 14.04: USN-3153-1 Critical Oxide Issues

Calendar Dec 09, 2016 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory security update XSS DoS Ubuntu system patch Oxide
Several security issues were fixed in Oxide. 
=========================================================================Ubuntu Security Notice USN-3153-1
December 09, 2016

oxide-qt vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine for Qt (QML plugin)

Details:

Multiple vulnerabilities were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to conduct cross-site scripting (XSS) attacks,
read uninitialized memory, obtain sensitive information, spoof the
webview URL, bypass same origin restrictions, cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5204,
CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212,
CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226,
CVE-2016-9650, CVE-2016-9652)

Multiple vulnerabilities were discovered in V8. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to obtain sensitive information, cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5213,
CVE-2016-5219, CVE-2016-9651)

An integer overflow was discovered in ANGLE. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2016-5221)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  liboxideqtcore0                 1.19.4-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  liboxideqtcore0                 1.19.4-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.19.4-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3153-1
  CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208,
  CVE-2016-5209, CVE-2016-5212, CVE-2016-5213, CVE-2016-5215,
  CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224,
  CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651,
  CVE-2016-9652

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.16.10.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.14.04.1

Ubuntu 16.10, 16.04, 14.04: USN-3153-1 Critical Oxide Issues

ubuntu
Calendar Grey December 9, 2016
Dist Ubuntu Esm H88
Important security flaws in Critical Oxide have been resolved for Ubuntu versions 16.10, 16.04, and 14.04. It's essential to update your systems without delay to maintain security.
Several security issues were fixed in Oxide.

Summary

Topics%20covered

Topics Covered

security advisory security update XSS DoS Ubuntu system patch Oxide

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: liboxideqtcore0 1.19.4-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: liboxideqtcore0 1.19.4-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.19.4-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3153-1

CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208,

CVE-2016-5209, CVE-2016-5212, CVE-2016-5213, CVE-2016-5215,

CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224,

CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651,

CVE-2016-9652

Severity
critical
Lowest
Low
Medium
High
Critical

December 09, 2016

Topics%20covered

Topics Covered

security advisory security update XSS DoS Ubuntu system patch Oxide

Package Information

https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.19.4-0ubuntu0.14.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here