Test ID:	1.3.6.1.4.1.25623.1.0.842906
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3091-1)
Summary:	The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-3091-1 advisory.
Description:	Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the USN-3091-1 advisory. Vulnerability Insight: A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5170) A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5171) An issue was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to contain sensitive information from arbitrary memory locations. (CVE-2016-5172) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5175, CVE-2016-5178) A use-after-free was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5177) It was discovered that Chromium does not ensure the recipient of a certain IPC message is a valid RenderFrame or RenderWidget. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-7549) Affected Software/OS: 'oxide-qt' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5170 BugTraq ID: 92942 http://www.securityfocus.com/bid/92942 Debian Security Information: DSA-3667 (Google Search) http://www.debian.org/security/2016/dsa-3667 https://security.gentoo.org/glsa/201610-09 RedHat Security Advisories: RHSA-2016:1905 http://rhn.redhat.com/errata/RHSA-2016-1905.html http://www.securitytracker.com/id/1036826 Common Vulnerability Exposure (CVE) ID: CVE-2016-5171 Common Vulnerability Exposure (CVE) ID: CVE-2016-5172 Common Vulnerability Exposure (CVE) ID: CVE-2016-5175 Common Vulnerability Exposure (CVE) ID: CVE-2016-5177 BugTraq ID: 93238 http://www.securityfocus.com/bid/93238 Debian Security Information: DSA-3683 (Google Search) http://www.debian.org/security/2016/dsa-3683 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/ RedHat Security Advisories: RHSA-2016:2007 http://rhn.redhat.com/errata/RHSA-2016-2007.html http://www.securitytracker.com/id/1036970 SuSE Security Announcement: openSUSE-SU-2016:2429 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html SuSE Security Announcement: openSUSE-SU-2016:2432 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5178 Common Vulnerability Exposure (CVE) ID: CVE-2016-7549 BugTraq ID: 93160 http://www.securityfocus.com/bid/93160
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.