SECURITY

USN-2895-1: Oxide vulnerabilities Ubuntu Security Notice USN-2895-1 18th February, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details The DOM implementation in Chromium did not properly restrict frame-attachoperations from occurring during or after frame-detach operations. If auser were tricked in to opening a specially crafted website, an attackercould potentially exploit this to bypass same-origin restrictions.(CVE-2016-1623) An integer underflow was discovered in Brotli. If a user were tricked into opening a specially crafted website, an attacker could potentiallyexploit this to cause a denial of service via application crash, orexecute arbitrary code with the privileges of the user invoking theprogram. (CVE-2016-1624) Update instructions The problem can be corrected by updating your [ more… ]