Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Ubuntu 16.10: USN-3180-1 Moderate Oxide XSS and Memory Issues

ubuntu
Calendar Grey February 8, 2017
Dist Ubuntu Esm H88
Ubuntu's USN-3180-1 pertains to security enhancements within Oxide's web engine, aiming to mitigate risks of vulnerabilities and system failures.
Several security issues were fixed in Oxide.

Summary

Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine for Qt (QML plugin)

Details:

Multiple vulnerabilities were discovered in Chromium. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to conduct cross-site scripting (XSS) attacks,

read uninitialized memory, obtain sensitive information, spoof the

webview URL or other UI components, bypass same origin restrictions or

other security restrictions, cause a denial of service via application

crash, or execute arbitrary code. (CVE-2017-5006, CVE-2017-5007,

CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012,

CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023,

CVE-2017-5024, CVE-2017-5025, CVE-2017-5026)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  liboxideqtcore0                 1.20.4-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  liboxideqtcore0                 1.20.4-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.20.4-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3180-1

CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,

CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014,

CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023,

CVE-2017-5024, CVE-2017-5025, CVE-2017-5026

February 08, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.