==========================================================================
Ubuntu Security Notice USN-2895-1
February 18, 2016

oxide-qt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

The DOM implementation in Chromium did not properly restrict frame-attach
operations from occurring during or after frame-detach operations. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1623)

An integer underflow was discovered in Brotli. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2016-1624)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  liboxideqtcore0 1.12.6-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0 1.12.6-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2895-1
  CVE-2016-1623, CVE-2016-1624

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.14.04.1

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-2610-1
May 21, 2015

oxide-qt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

Several security issues were discovered in the DOM implementation in
Blink. If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit these to bypass Same Origin Policy
restrictions. (CVE-2015-1253, CVE-2015-1254)

A use-after-free was discovered in the WebAudio implementation in
Chromium. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-1255)

A use-after-free was discovered in the SVG implementation in Blink. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1256)

A security issue was discovered in the SVG implementation in Blink. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-1257)

An issue was discovered with the build of libvpx. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2015-1258)

Multiple use-after-free issues were discovered in the WebRTC
implementation in Chromium. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via renderer crash, or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2015-1260)

An uninitialized value bug was discovered in the font shaping code in
Blink. If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
renderer crash. (CVE-2015-1262)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1265)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-3910)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  liboxideqtcore0 1.7.8-0ubuntu0.15.04.1
  oxideqt-codecs 1.7.8-0ubuntu0.15.04.1
  oxideqt-codecs-extra 1.7.8-0ubuntu0.15.04.1

Ubuntu 14.10:
  liboxideqtcore0 1.7.8-0ubuntu0.14.10.1
  oxideqt-codecs 1.7.8-0ubuntu0.14.10.1
  oxideqt-codecs-extra 1.7.8-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0 1.7.8-0ubuntu0.14.04.1
  oxideqt-codecs 1.7.8-0ubuntu0.14.04.1
  oxideqt-codecs-extra 1.7.8-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2610-1
  CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256,
  CVE-2015-1257, CVE-2015-1258, CVE-2015-1260, CVE-2015-1262,
  CVE-2015-1265, CVE-2015-3910

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.7.8-0ubuntu0.15.04.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.7.8-0ubuntu0.14.10.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.7.8-0ubuntu0.14.04.1

Severity: Critical.