Ubuntu Security Notice 2495-1 - A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. Various other issues were also addressed.
e0b1487700d0dabdd5eeb8ab7cacd350cd215e91082623ced271fd42b42859c5
============================================================================
Ubuntu Security Notice USN-2495-1
February 10, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
A use-after-free bug was discovered in the DOM implementation in Blink. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)
It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1211)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2495-1
CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212
Package Information:
https://launchpad.net/ubuntu/+source/oxide-qt/1.4.3-0ubuntu0.14.10.1
https://launchpad.net/ubuntu/+source/oxide-qt/1.4.3-0ubuntu0.14.04.1