Test ID: 1.3.6.1.4.1.25623.1.0.841913
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-2298-1)
Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2298-1 advisory.

Vulnerability Insight:
A type confusion bug was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-1730)

A type confusion bug was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-1731)

Multiple security issues including memory safety bugs were discovered in
Chromium. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2014-1735, CVE-2014-3162)

Multiple use-after-free issues were discovered in the WebSockets
implementation. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2014-1740)

Multiple integer overflows were discovered in the CharacterData
implementation. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via renderer crash or execute arbitrary code with the privileges
of the sandboxed render process. (CVE-2014-1741)

Multiple use-after-free issues were discovered in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-1742, CVE-2014-1743)

An integer overflow bug was discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user invoking
the program. (CVE-2014-1744)

An out-of-bounds read was discovered in Chromium. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash.
(CVE-2014-1746)

It was discovered that Blink allowed scrollbar painting to extend into
the parent frame in some circumstances. An attacker could potentially
exploit this to conduct clickjacking attacks via UI redress.
(CVE-2014-1748)

An integer underflow was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'oxide-qt' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-1730
Debian Security Information: DSA-2920
http://www.debian.org/security/2014/dsa-2920
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
SuSE Security Announcement: openSUSE-SU-2014:0668
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
SuSE Security Announcement: openSUSE-SU-2014:0669
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1731
http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
BugTraq ID: 67572
http://www.securityfocus.com/bid/67572
Common Vulnerability Exposure (CVE) ID: CVE-2014-1735
Common Vulnerability Exposure (CVE) ID: CVE-2014-1740
BugTraq ID: 67374
http://www.securityfocus.com/bid/67374
Debian Security Information: DSA-2930
http://www.debian.org/security/2014/dsa-2930
http://www.securitytracker.com/id/1030240
http://secunia.com/advisories/59155
SuSE Security Announcement: openSUSE-SU-2014:0783
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1741
BugTraq ID: 67376
http://www.securityfocus.com/bid/67376
Common Vulnerability Exposure (CVE) ID: CVE-2014-1742
BugTraq ID: 67375
http://www.securityfocus.com/bid/67375
Common Vulnerability Exposure (CVE) ID: CVE-2014-1743
Debian Security Information: DSA-2939
http://www.debian.org/security/2014/dsa-2939
http://www.securitytracker.com/id/1030270
http://secunia.com/advisories/58920
Common Vulnerability Exposure (CVE) ID: CVE-2014-1744
Common Vulnerability Exposure (CVE) ID: CVE-2014-1746
Common Vulnerability Exposure (CVE) ID: CVE-2014-1748
http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
SuSE Security Announcement: openSUSE-SU-2016:0915
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://www.ubuntu.com/usn/USN-2937-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3152
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3154
BugTraq ID: 67977
http://www.securityfocus.com/bid/67977
Debian Security Information: DSA-2959
http://www.debian.org/security/2014/dsa-2959
http://secunia.com/advisories/58585
http://secunia.com/advisories/59090
http://secunia.com/advisories/60061
Common Vulnerability Exposure (CVE) ID: CVE-2014-3155
BugTraq ID: 67980
http://www.securityfocus.com/bid/67980
Common Vulnerability Exposure (CVE) ID: CVE-2014-3157
BugTraq ID: 67972
http://www.securityfocus.com/bid/67972
Common Vulnerability Exposure (CVE) ID: CVE-2014-3160
BugTraq ID: 68677
http://www.securityfocus.com/bid/68677
Debian Security Information: DSA-3039
http://www.debian.org/security/2014/dsa-3039
Common Vulnerability Exposure (CVE) ID: CVE-2014-3162
Common Vulnerability Exposure (CVE) ID: CVE-2014-3803
BugTraq ID: 67582
http://www.securityfocus.com/bid/67582
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
Copyright: Copyright (C) 2014 Greenbone AG