
USN-3041-1: Oxide vulnerabilities

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3041-1

5th August, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

oxide-qt – Web browser engine for Qt (QML plugin)

Details

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705)

It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706)

It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin [ more… ]


USN-3044-1: Firefox vulnerabilities

2016-08-05 KENNETH 0

Ubuntu Security Notice USN-3044-1

5th August, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description

firefox – Mozilla Open Source web browser

Details

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718)

Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830) [ more… ]