Thursday, February 18, 2016

[USN-2895-1] Oxide vulnerabilities

==========================================================================
Ubuntu Security Notice USN-2895-1
February 18, 2016

oxide-qt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

The DOM implementation in Chromium did not properly restrict frame-attach
operations from occurring during or after frame-detach operations. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1623)

An integer underflow was discovered in Brotli. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2016-1624)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  liboxideqtcore0                 1.12.6-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.12.6-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2895-1
  CVE-2016-1623, CVE-2016-1624

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.14.04.1
