 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.842213 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2610-1) |
| Summary: | The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2610-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2610-1 advisory. Vulnerability Insight: Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254) A use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1255) A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1256) A security issue was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1257) An issue was discovered with the build of libvpx. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1258) Multiple use-after-free issues were discovered in the WebRTC implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1260) An uninitialized value bug was discovered in the font shaping code in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1262) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1265) Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-3910) Affected Software/OS: 'oxide-qt' package(s) on Ubuntu 14.04, Ubuntu 14.10, Ubuntu 15.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1253 BugTraq ID: 74723 http://www.securityfocus.com/bid/74723 Debian Security Information: DSA-3267 (Google Search) http://www.debian.org/security/2015/dsa-3267 https://security.gentoo.org/glsa/201506-04 http://www.securitytracker.com/id/1032375 SuSE Security Announcement: openSUSE-SU-2015:0969 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html SuSE Security Announcement: openSUSE-SU-2015:1877 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1254 Common Vulnerability Exposure (CVE) ID: CVE-2015-1255 Common Vulnerability Exposure (CVE) ID: CVE-2015-1256 Common Vulnerability Exposure (CVE) ID: CVE-2015-1257 Common Vulnerability Exposure (CVE) ID: CVE-2015-1258 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1260 Common Vulnerability Exposure (CVE) ID: CVE-2015-1262 Common Vulnerability Exposure (CVE) ID: CVE-2015-1265 BugTraq ID: 74727 http://www.securityfocus.com/bid/74727 https://www.exploit-db.com/exploits/37766/ Common Vulnerability Exposure (CVE) ID: CVE-2015-3910 BugTraq ID: 74730 http://www.securityfocus.com/bid/74730 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |