Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

critical Nessus Plugin ID 92784

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code.
(CVE-2016-1705)

It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706)

It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710)

It was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions.
(CVE-2016-1711)

A use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127)

It was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property.
A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128)

A memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129)

A security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL.
(CVE-2016-5130)

A use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131)

The Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132)

It was discovered that Chromium mishandles origin information during proxy authentication. A man-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt.
(CVE-2016-5133)

It was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134)

It was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135)

It was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS website has been visited by reading a CSP report. (CVE-2016-5137).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-3041-1

Plugin Details

Severity: Critical

ID: 92784

File Name: ubuntu_USN-3041-1.nasl

Version: 2.14

Type: local

Agent: unix

Published: 8/8/2016

Updated: 10/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1706

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0, p-cpe:/a:canonical:ubuntu_linux:liboxideqtquick-dev, p-cpe:/a:canonical:ubuntu_linux:liboxideqtquick0, p-cpe:/a:canonical:ubuntu_linux:oxideqmlscene, p-cpe:/a:canonical:ubuntu_linux:oxideqt-chromedriver, p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs, p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:liboxideqt-qmlplugin, p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore-dev

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/5/2016

Vulnerability Publication Date: 7/23/2016

Reference Information

CVE: CVE-2016-1705, CVE-2016-1706, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5137

USN: 3041-1