Zwei Probleme in Oxide
ID: | USN-2895-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 LTS, Ubuntu 15.10 |
Datum: | Do, 18. Februar 2016, 23:13 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1624 |
Applikationen: | Oxide |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1811908679642194059== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="lGJM242FL2E9Wh4auTNwQRWOeFI0Wj9mB" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --lGJM242FL2E9Wh4auTNwQRWOeFI0Wj9mB Content-Type: multipart/alternative; boundary="------------CC2F0C038668F58F6EDEA0D2" This is a multi-part message in MIME format. --------------CC2F0C038668F58F6EDEA0D2 Content-Type: text/plain; charset=windows-125 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2895-1 February 18, 2016 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine library for Qt (QML plugin) Details: The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1623) An integer underflow was discovered in Brotli. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1624) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: liboxideqtcore0 1.12.6-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.12.6-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2895-1 CVE-2016-1623, CVE-2016-1624 Package Information: https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/oxide-qt/1.12.6-0ubuntu0.14.04.1 --------------CC2F0C038668F58F6EDEA0D2 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable |