From: Chris Coulson Reply-To: Ubuntu Security To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <1fdaf575-db94-d56c-ac48-a752008003b6@canonical.com> Subject: [USN-2960-1] Oxide vulnerabilities ============================================================================ Ubuntu Security Notice USN-2960-1 May 18, 2016 oxide-qt vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine for Qt (QML plugin) Details: An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame which passes same-origin checks is local in some cases. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1661) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1663) It was discovered that the JSGenericLowering class in V8 mishandles comparison operators. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1665) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code. (CVE-2016-1666) It was discovered that the TreeScope::adoptIfNeeded function in Blink does not prevent script execution during node-adoption operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1667) It was discovered that the forEachForBinding in the V8 bindings in Blink uses an improper creation context. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1668) A buffer overflow was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1669) A race condition was discovered in ResourceDispatcherHostImpl in Chromium. An attacker could potentially exploit this to make arbitrary HTTP requests. (CVE-2016-1670) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: liboxideqtcore0 1.14.9-0ubuntu0.16.04.1 Ubuntu 15.10: liboxideqtcore0 1.14.9-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.14.9-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2960-1 CVE-2016-1660, CVE-2016-1661, CVE-2016-1663, CVE-2016-1665, CVE-2016-1666, CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670 Package Information: https://launchpad.net/ubuntu/+source/oxide-qt/1.14.9-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.14.9-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.14.9-0ubuntu0.14.04.1 --re4xqBLabRR0kvvCFqDkfHXKCbPkoa4LN