USN-2825-1: Oxide vulnerabilities

10 December 2015

Several security issues were fixed in Oxide.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • oxide-qt - Web browser engine library for Qt (QML plugin)

Details

Multiple use-after-free bugs were discovered in the application cache
implementation in Chromium. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking the program. (CVE-2015-6765,
CVE-2015-6766, CVE-2015-6767)

Several security issues were discovered in the DOM implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to bypass same
origin restrictions. (CVE-2015-6768, CVE-2015-6770)

A security issue was discovered in the provisional-load commit
implementation in Chromium. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass same origin restrictions. (CVE-2015-6769)

An out-of-bounds read was discovered in the array map and filter
operations in V8 in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash.
(CVE-2015-6771)

It was discovered that the DOM implementation in Chromium does not prevent
javascript: URL navigation while a document is being detached. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-6772)

An out-of bounds read was discovered in Skia in some cirumstances. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-6773)

A use-after-free was discovered in the DOM implementation in Chromium. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-6777)

It was discovered that the Document::open function in Chromium did not
ensure that page-dismissal event handling is compatible with modal dialog
blocking. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to spoof application
UI content. (CVE-2015-6782)

It was discovered that the page serializer in Chromium mishandled MOTW
comments for URLs in some circumstances. An attacker could potentially
exploit this to inject HTML content. (CVE-2015-6784)

It was discovered that the Content Security Policy (CSP) implementation
in Chromium accepted an x.y hostname as a match for a *.x.y pattern. An
attacker could potentially exploit this to bypass intended access
restrictions. (CVE-2015-6785)

It was discovered that the Content Security Policy (CSP) implementation
in Chromium accepted blob:, data: and filesystem: URLs as a match for a

  • pattern. An attacker could potentially exploit this to bypass intended
    access restrictions. (CVE-2015-6786)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-6787)

Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-8478)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.