Test ID:	1.3.6.1.4.1.25623.1.0.842037
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2410-1)
Summary:	The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2410-1 advisory.
Description:	Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2410-1 advisory. Vulnerability Insight: A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907) An integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908) An uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910) Affected Software/OS: 'oxide-qt' package(s) on Ubuntu 14.04, Ubuntu 14.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7904 BugTraq ID: 71166 http://www.securityfocus.com/bid/71166 RedHat Security Advisories: RHSA-2014:1894 http://rhn.redhat.com/errata/RHSA-2014-1894.html http://www.securitytracker.com/id/1031241 http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 XForce ISS Database: google-chrome-cve20147904-bo(98792) https://exchange.xforce.ibmcloud.com/vulnerabilities/98792 Common Vulnerability Exposure (CVE) ID: CVE-2014-7907 BugTraq ID: 71170 http://www.securityfocus.com/bid/71170 XForce ISS Database: google-chrome-cve20147907-code-exec(98795) https://exchange.xforce.ibmcloud.com/vulnerabilities/98795 Common Vulnerability Exposure (CVE) ID: CVE-2014-7908 BugTraq ID: 71168 http://www.securityfocus.com/bid/71168 XForce ISS Database: google-chrome-cve20147908-overflow(98796) https://exchange.xforce.ibmcloud.com/vulnerabilities/98796 Common Vulnerability Exposure (CVE) ID: CVE-2014-7909 BugTraq ID: 71167 http://www.securityfocus.com/bid/71167 XForce ISS Database: google-chrome-cve20147909-info-disc(98797) https://exchange.xforce.ibmcloud.com/vulnerabilities/98797 Common Vulnerability Exposure (CVE) ID: CVE-2014-7910 BugTraq ID: 71161 http://www.securityfocus.com/bid/71161 https://www.exploit-db.com/exploits/34879/ XForce ISS Database: google-chrome-cve20147910-multiple-unspec(98798) https://exchange.xforce.ibmcloud.com/vulnerabilities/98798
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.