Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2476-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Several memory corruption bugs were discovered in ICU. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7923, CVE-2014-7926)

A use-after-free was discovered in the IndexedDB implementation. If a
user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via application crash or execute arbitrary code with the privileges of
the user invoking the program. (CVE-2014-7924)

A use-after free was discovered in the WebAudio implementation in
Blink. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2014-7925)

Several memory corruption bugs were discovered in V8. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)

Several use-after free bugs were discovered in the DOM implementation
in Blink. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2014-7929,
CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)

A use-after free was discovered in FFmpeg. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or
execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7933)

Multiple off-by-one errors were discovered in FFmpeg. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7937)

A memory corruption bug was discovered in the fonts implementation. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via renderer crash or execute arbitrary code with the privileges of
the sandboxed render process. (CVE-2014-7938)

It was discovered that ICU did not initialize memory for a data
structure correctly. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via renderer crash or execute arbitrary code with
the privileges of the sandboxed render process. (CVE-2014-7940)

It was discovered that the fonts implementation did not initialize
memory for a data structure correctly. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or
execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7942)

An out-of-bounds read was discovered in Skia. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash. (CVE-2014-7943)

An out-of-bounds read was discovered in Blink. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash. (CVE-2014-7946)

It was discovered that the AppCache proceeded with caching for SSL
sessions even if there is a certificate error. A remote attacker could
potentially exploit this by conducting a MITM attack to modify HTML
application content. (CVE-2014-7948)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1205)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2015-1346).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected liboxideqtcore0, oxideqt-codecs and / or
oxideqt-codecs-extra packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now