Ubuntu Local Security Checks : Ubuntu Update for oxide-qt USN-2735-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.842433

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for oxide-qt USN-2735-1

Resumen: The remote host is missing an update for the 'oxide-qt'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'oxide-qt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that the DOM tree could be
corrupted during parsing in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit this to
bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291)

An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2015-1292)

An issue was discovered in the DOM implementation in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1293)

A use-after-free was discovered in Skia. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1294)

A use-after-free was discovered in the shared-timer implementation in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-1299)

It was discovered that the availability of iframe Resource Timing API
times was not properly restricted in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-1300)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1301)

A heap corruption issue was discovered in oxide::JavaScriptDialogManager.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2015-1332)

Affected Software/OS:
oxide-qt on Ubuntu 14.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1291
Debian Security Information: DSA-3351 (Google Search)
http://www.debian.org/security/2015/dsa-3351
https://security.gentoo.org/glsa/201603-09
RedHat Security Advisories: RHSA-2015:1712
http://rhn.redhat.com/errata/RHSA-2015-1712.html
http://www.securitytracker.com/id/1033472
SuSE Security Announcement: openSUSE-SU-2015:1586 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:1873 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1292
Common Vulnerability Exposure (CVE) ID: CVE-2015-1293
Common Vulnerability Exposure (CVE) ID: CVE-2015-1294
Common Vulnerability Exposure (CVE) ID: CVE-2015-1299
Common Vulnerability Exposure (CVE) ID: CVE-2015-1300
https://github.com/w3c/resource-timing/issues/29
Common Vulnerability Exposure (CVE) ID: CVE-2015-1301
Common Vulnerability Exposure (CVE) ID: CVE-2015-1332
BugTraq ID: 76710
http://www.securityfocus.com/bid/76710
http://www.ubuntu.com/usn/USN-2735-1

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.842433
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for oxide-qt USN-2735-1
Resumen:	The remote host is missing an update for the 'oxide-qt'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291) An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1292) An issue was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1293) A use-after-free was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1294) A use-after-free was discovered in the shared-timer implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1299) It was discovered that the availability of iframe Resource Timing API times was not properly restricted in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1300) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1301) A heap corruption issue was discovered in oxide::JavaScriptDialogManager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1332) Affected Software/OS: oxide-qt on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1291 Debian Security Information: DSA-3351 (Google Search) http://www.debian.org/security/2015/dsa-3351 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2015:1712 http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.securitytracker.com/id/1033472 SuSE Security Announcement: openSUSE-SU-2015:1586 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:1873 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1292 Common Vulnerability Exposure (CVE) ID: CVE-2015-1293 Common Vulnerability Exposure (CVE) ID: CVE-2015-1294 Common Vulnerability Exposure (CVE) ID: CVE-2015-1299 Common Vulnerability Exposure (CVE) ID: CVE-2015-1300 https://github.com/w3c/resource-timing/issues/29 Common Vulnerability Exposure (CVE) ID: CVE-2015-1301 Common Vulnerability Exposure (CVE) ID: CVE-2015-1332 BugTraq ID: 76710 http://www.securityfocus.com/bid/76710 http://www.ubuntu.com/usn/USN-2735-1
Copyright	Copyright (C) 2015 Greenbone Networks GmbH