USN-2920-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2920-1

10th March, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

oxide-qt – Web browser engine for Qt (QML plugin)

Details

It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1630)

It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1631)

Multiple use-after-frees were discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a …