From: Chris Coulson Reply-To: Ubuntu Security To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <88bdec53-aae0-f38c-c17b-ea4c803e2220@canonical.com> Subject: [USN-2955-1] Oxide vulnerabilities ============================================================================ Ubuntu Security Notice USN-2955-1 April 27, 2016 oxide-qt vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine for Qt (QML plugin) Details: A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1578) An out-of-bounds read was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2016-1646) A use-after-free was discovered in the navigation implementation in Chromium in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1647) A buffer overflow was discovered in ANGLE. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1649) An out-of-bounds write was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1653) An invalid read was discovered in the media subsystem in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-1654) It was discovered that frame removal during callback execution could trigger a use-after-free in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed renderer process. (CVE-2016-1655) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1659) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-3679) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: liboxideqtcore0 1.14.7-0ubuntu1 Ubuntu 15.10: liboxideqtcore0 1.14.7-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.14.7-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2955-1 CVE-2016-1578, CVE-2016-1646, CVE-2016-1647, CVE-2016-1649, CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1659, CVE-2016-3679, https://launchpad.net/bugs/1561450 Package Information: https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu1 https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu0.14.04.1 --MEnmljMcC6igExtqVlh1T4D3d1kE9jLro