 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.842556 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2825-1) |
| Summary: | The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2825-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-2825-1 advisory. Vulnerability Insight: Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6765, CVE-2015-6766, CVE-2015-6767) Several security issues were discovered in the DOM implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions. (CVE-2015-6768, CVE-2015-6770) A security issue was discovered in the provisional-load commit implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6769) An out-of-bounds read was discovered in the array map and filter operations in V8 in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-6771) It was discovered that the DOM implementation in Chromium does not prevent javascript: URL navigation while a document is being detached. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6772) An out-of bounds read was discovered in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-6773) A use-after-free was discovered in the DOM implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6777) It was discovered that the Document::open function in Chromium did not ensure that page-dismissal event handling is compatible with modal dialog blocking. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to spoof application UI content. (CVE-2015-6782) It was discovered that the page serializer in Chromium mishandled MOTW comments for URLs in some circumstances. An attacker could potentially exploit this to inject HTML content. (CVE-2015-6784) It was discovered that the Content Security Policy (CSP) implementation in Chromium accepted an x.y hostname as a match for a *.x.y pattern. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-6785) It was discovered that the Content Security Policy (CSP) implementation in Chromium accepted blob:, data: and filesystem: URLs as ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'oxide-qt' package(s) on Ubuntu 14.04, Ubuntu 15.04, Ubuntu 15.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6765 BugTraq ID: 78416 http://www.securityfocus.com/bid/78416 Debian Security Information: DSA-3415 (Google Search) http://www.debian.org/security/2015/dsa-3415 https://security.gentoo.org/glsa/201603-09 http://www.securitytracker.com/id/1034298 SuSE Security Announcement: openSUSE-SU-2015:2290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:2291 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.ubuntu.com/usn/USN-2825-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-6766 Common Vulnerability Exposure (CVE) ID: CVE-2015-6767 Common Vulnerability Exposure (CVE) ID: CVE-2015-6768 Common Vulnerability Exposure (CVE) ID: CVE-2015-6769 Common Vulnerability Exposure (CVE) ID: CVE-2015-6770 Common Vulnerability Exposure (CVE) ID: CVE-2015-6771 Common Vulnerability Exposure (CVE) ID: CVE-2015-6772 Common Vulnerability Exposure (CVE) ID: CVE-2015-6773 Common Vulnerability Exposure (CVE) ID: CVE-2015-6777 Common Vulnerability Exposure (CVE) ID: CVE-2015-6782 Common Vulnerability Exposure (CVE) ID: CVE-2015-6784 Common Vulnerability Exposure (CVE) ID: CVE-2015-6785 Common Vulnerability Exposure (CVE) ID: CVE-2015-6786 Common Vulnerability Exposure (CVE) ID: CVE-2015-6787 https://www.exploit-db.com/exploits/39162/ https://www.exploit-db.com/exploits/39163/ https://www.exploit-db.com/exploits/39165/ Common Vulnerability Exposure (CVE) ID: CVE-2015-8478 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |