Test ID:	1.3.6.1.4.1.25623.1.0.842848
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3041-1)
Summary:	The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-3041-1 advisory.
Description:	Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-3041-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706) It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710) It was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1711) A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127) It was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128) A memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129) A security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5130) A use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131) The Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132) It was discovered that Chromium mishandles origin information during proxy authentication. A machine-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt. (CVE-2016-5133) It was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134) It was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'oxide-qt' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1705 BugTraq ID: 92053 http://www.securityfocus.com/bid/92053 Debian Security Information: DSA-3637 (Google Search) http://www.debian.org/security/2016/dsa-3637 RedHat Security Advisories: RHSA-2016:1485 http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.securitytracker.com/id/1036428 SuSE Security Announcement: openSUSE-SU-2016:1865 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html SuSE Security Announcement: openSUSE-SU-2016:1868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:1869 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html SuSE Security Announcement: openSUSE-SU-2016:1918 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://www.ubuntu.com/usn/USN-3041-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1706 Common Vulnerability Exposure (CVE) ID: CVE-2016-1710 Common Vulnerability Exposure (CVE) ID: CVE-2016-1711 Common Vulnerability Exposure (CVE) ID: CVE-2016-5127 https://security.gentoo.org/glsa/201610-09 Common Vulnerability Exposure (CVE) ID: CVE-2016-5128 Common Vulnerability Exposure (CVE) ID: CVE-2016-5129 http://www.securitytracker.com/id/1038201 Common Vulnerability Exposure (CVE) ID: CVE-2016-5130 Common Vulnerability Exposure (CVE) ID: CVE-2016-5131 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html https://security.gentoo.org/glsa/201701-37 http://www.securitytracker.com/id/1038623 Common Vulnerability Exposure (CVE) ID: CVE-2016-5132 Common Vulnerability Exposure (CVE) ID: CVE-2016-5133 Common Vulnerability Exposure (CVE) ID: CVE-2016-5134 CERT/CC vulnerability note: VU#877625 https://www.kb.cert.org/vuls/id/877625 Common Vulnerability Exposure (CVE) ID: CVE-2016-5135 Common Vulnerability Exposure (CVE) ID: CVE-2016-5137
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.