Ubuntu Security Notices

USN-2989-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2989-1

1st June, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash) or obtain potentially
sensitive information from kernel memory. (CVE-2015-4004)

Andy Lutomirski discovered a race condition in the Linux kernel’s
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)

Ralf Spenneberg discovered that the Linux kernel’s GTCO digitizer USB
device driver did not properly validate endpoint descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2187)

Hector Marco and Ismael Ripoll discovered that the Linux kernel would
improperly disable Address Space Layout Randomization (ASLR) for x86
processes running in 32-bit mode if stack-consumption resource limits were
disabled. A local attacker could use this to make it easier to exploit an
existing vulnerability in a setuid/setgid program. (CVE-2016-3672)

Andrey Konovalov discovered that the CDC Network Control Model USB driver
in the Linux kernel did not cancel work events queued if a later error
occurred, resulting in a use-after-free. An attacker with physical access
could use this to cause a denial of service (system crash). (CVE-2016-3951)

It was discovered that an out-of-bounds write could occur when handling
incoming packets in the USB/IP implementation in the Linux kernel. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-3955)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2
Support implementations in the Linux kernel. A local attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket
interface (rtnetlink) implementation in the Linux kernel. A local attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-4486)

It was discovered that in some situations the Linux kernel did not handle
propagated mounts correctly. A local unprivileged attacker could use this
to cause a denial of service (system crash). (CVE-2016-4581)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  • linux-image-3.13.0-87-powerpc-e500 3.13.0-87.133
  • linux-image-3.13.0-87-generic 3.13.0-87.133
  • linux-image-3.13.0-87-powerpc-smp 3.13.0-87.133
  • linux-image-3.13.0-87-powerpc-e500mc 3.13.0-87.133
  • linux-image-3.13.0-87-lowlatency 3.13.0-87.133
  • linux-image-3.13.0-87-generic-lpae 3.13.0-87.133
  • linux-image-3.13.0-87-powerpc64-smp 3.13.0-87.133
  • linux-image-3.13.0-87-powerpc64-emb 3.13.0-87.133

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-4004, CVE-2016-2069, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672,
CVE-2016-3951, CVE-2016-3955, CVE-2016-4485, CVE-2016-4486, CVE-2016-4581

USN-2986-1: dosfstools vulnerabilities

Ubuntu Security Notice USN-2986-1

31st May, 2016

dosfstools vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

dosfstools could be made to crash or run programs if it processed a
specially crafted filesystem.

Software description

  • dosfstools
    – utilities for making and checking MS-DOS FAT filesystems

Details

Hanno Böck discovered that dosfstools incorrectly handled certain malformed
filesystems. A local attacker could use this issue to cause dosfstools to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • dosfstools 3.0.28-2ubuntu0.1
Ubuntu 15.10:
  • dosfstools 3.0.28-1ubuntu0.1
Ubuntu 14.04 LTS:
  • dosfstools 3.0.26-1ubuntu0.1
Ubuntu 12.04 LTS:
  • dosfstools 3.0.12-1ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8872, CVE-2016-4804

USN-2987-1: GD library vulnerabilities

Ubuntu Security Notice USN-2987-1

31st May, 2016

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

The GD library could be made to crash or run programs if it processed a
specially crafted image file.

Software description

  • libgd2
    – GD Graphics Library

Details

It was discovered that the GD library incorrectly handled certain color
tables in XPM images. If a user or automated system were tricked into
processing a specially crafted XPM image, an attacker could cause a denial
of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-2497)

It was discovered that the GD library incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into processing a
specially crafted GIF image, an attacker could cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-9709)

It was discovered that the GD library incorrectly handled memory when using
gdImageFillToBorder(). A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2015-8874)

It was discovered that the GD library incorrectly handled memory when using
gdImageScaleTwoPass(). A remote attacker could possibly use this issue to
cause a denial of service. This issue only applied to Ubuntu 14.04 LTS,
Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)

Hans Jerry Illikainen discovered that the GD library incorrectly handled
certain malformed GD images. If a user or automated system were tricked
into processing a specially crafted GD image, an attacker could cause a
denial of service or possibly execute arbitrary code. (CVE-2016-3074)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • libgd3 2.1.1-4ubuntu0.16.04.1
Ubuntu 15.10:
  • libgd3 2.1.1-4ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  • libgd3 2.1.0-3ubuntu0.1
Ubuntu 12.04 LTS:
  • libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.1
  • libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074

USN-2988-1: LXD vulnerabilities

Ubuntu Security Notice USN-2988-1

31st May, 2016

lxd vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10

Summary

Several security issues were fixed in LXD.

Software description

  • lxd
    – Container hypervisor based on LXC

Details

Robie Basak discovered that LXD incorrectly set permissions when setting up
a loop-based ZFS pool. A local attacker could use this issue to copy and
read the data of any LXD container. (CVE-2016-1581)

Robie Basak discovered that LXD incorrectly set permissions when switching
an unprivileged container into privileged mode. A local attacker could use
this issue to access any world-readable path in the container directory,
including setuid binaries. (CVE-2016-1582)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • lxd 2.0.2-0ubuntu1~16.04.1
Ubuntu 15.10:
  • lxd 0.20-0ubuntu4.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1581, CVE-2016-1582

USN-2985-2: GNU C Library regression

Ubuntu Security Notice USN-2985-2

26th May, 2016

eglibc, glibc regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-2985-1 introduced a regression in the GNU C Library.

Software description

  • eglibc
    – GNU C Library

  • glibc
    – GNU C Library

Details

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for
CVE-2014-9761 introduced a regression which affected applications that
use the libm library but were not fully restarted after the upgrade.
This update removes the fix for CVE-2014-9761 and a future update
will be provided to address this issue.

We apologize for the inconvenience.

Original advisory details:

Martin Carpenter discovered that pt_chown in the GNU C Library did not
properly check permissions for tty files. A local attacker could use this
to gain administrative privileges or expose sensitive information.
(CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in
the GNU C Library did not properly manage its file descriptors. An attacker
could use this to cause a denial of service (infinite loop).
(CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long
arguments to functions returning a representation of Not a Number (NaN). An
attacker could use this to cause a denial of service (stack exhaustion
leading to an application crash) or possibly execute arbitrary code.
(CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code in the
GNU C Library did not properly account for buffer sizes when passed an
unaligned buffer. An attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service
Switch (NSS) implementation in the GNU C Library did not handle long
lines in the files databases correctly. A local attacker could use
this to cause a denial of service (application crash) or possibly
execute arbitrary code. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C Library did
not properly handle out-of-range argument data. An attacker could use this
to cause a denial of service (application crash) or possibly expose
sensitive information. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed
the pointer-guarding protection mechanism to be disabled by honoring the
LD_POINTER_GUARD environment variable across privilege boundaries. A local
attacker could use this to exploit an existing vulnerability more easily.
(CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C Library
did not properly check their size argument, leading to an integer overflow.
An attacker could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the
catopen function in the GNU C Library when handling long catalog names. An
attacker could use this to cause a denial of service (application crash) or
possibly execute arbitrary code. (CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C
Library did not properly handle long names passed as arguments. An attacker
could use this to cause a denial of service (stack exhaustion leading to an
application crash). (CVE-2016-3075)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libc-bin 2.21-0ubuntu4.3
  • libc6-dev 2.21-0ubuntu4.3
  • libc6 2.21-0ubuntu4.3
Ubuntu 14.04 LTS:
  • libc-bin 2.19-0ubuntu6.9
  • libc6-dev 2.19-0ubuntu6.9
  • libc6 2.19-0ubuntu6.9
Ubuntu 12.04 LTS:
  • libc-bin 2.15-0ubuntu10.15
  • libc6-dev 2.15-0ubuntu10.15
  • libc6 2.15-0ubuntu10.15

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to
make all the necessary changes.

References

LP: 1585614

USN-2985-1: GNU C Library vulnerabilities

Ubuntu Security Notice USN-2985-1

25th May, 2016

eglibc, glibc vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the GNU C Library.

Software description

  • eglibc
    – GNU C Library

  • glibc
    – GNU C Library

Details

Martin Carpenter discovered that pt_chown in the GNU C Library did not
properly check permissions for tty files. A local attacker could use this
to gain administrative privileges or expose sensitive information.
(CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in
the GNU C Library did not properly manage its file descriptors. An attacker
could use this to cause a denial of service (infinite loop).
(CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long
arguments to functions returning a representation of Not a Number (NaN). An
attacker could use this to cause a denial of service (stack exhaustion
leading to an application crash) or possibly execute arbitrary code.
(CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code in the
GNU C Library did not properly account for buffer sizes when passed an
unaligned buffer. An attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service
Switch (NSS) implementation in the GNU C Library did not handle long
lines in the files databases correctly. A local attacker could use
this to cause a denial of service (application crash) or possibly
execute arbitrary code. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C Library did
not properly handle out-of-range argument data. An attacker could use this
to cause a denial of service (application crash) or possibly expose
sensitive information. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed
the pointer-guarding protection mechanism to be disabled by honoring the
LD_POINTER_GUARD environment variable across privilege boundaries. A local
attacker could use this to exploit an existing vulnerability more easily.
(CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C Library
did not properly check their size argument, leading to an integer overflow.
An attacker could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the
catopen function in the GNU C Library when handling long catalog names. An
attacker could use this to cause a denial of service (application crash) or
possibly execute arbitrary code. (CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C
Library did not properly handle long names passed as arguments. An attacker
could use this to cause a denial of service (stack exhaustion leading to an
application crash). (CVE-2016-3075)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libc6-dev 2.21-0ubuntu4.2
  • libc6 2.21-0ubuntu4.2
Ubuntu 14.04 LTS:
  • libc6-dev 2.19-0ubuntu6.8
  • libc6 2.19-0ubuntu6.8
Ubuntu 12.04 LTS:
  • libc6-dev 2.15-0ubuntu10.14
  • libc6 2.15-0ubuntu10.14

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to
make all the necessary changes.

References

CVE-2013-2207, CVE-2014-8121, CVE-2014-9761, CVE-2015-1781, CVE-2015-5277,
CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-2856,
CVE-2016-3075

USN-2950-5: Samba regression

Ubuntu Security Notice USN-2950-5

25th May, 2016

samba regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

USN-2950-1 introduced a regression in Samba.

Software description

  • samba
    – SMB/CIFS file, print, and login server for Unix

Details

USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to
version 4.3.9, which introduced a regression when using the ntlm_auth tool.
This update fixes the problem.

Original advisory details:

Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a
man-in-the-middle attack, or possibly execute arbitrary code.
(CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a
man-in-the-middle attack. (CVE-2016-2110)

Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)

Stefan Metzmacher discovered that the Samba LDAP implementation did not
enforce integrity protection. A remote attacker could use this issue to
hijack LDAP connections by performing a man-in-the-middle attack.
(CVE-2016-2112)

Stefan Metzmacher discovered that Samba did not validate TLS certificates.
A remote attacker could use this issue to spoof a Samba server.
(CVE-2016-2113)

Stefan Metzmacher discovered that Samba did not enforce SMB signing even if
configured to. A remote attacker could use this issue to perform a
man-in-the-middle attack. (CVE-2016-2114)

Stefan Metzmacher discovered that Samba did not enable integrity protection
for IPC traffic. A remote attacker could use this issue to perform a
man-in-the-middle attack. (CVE-2016-2115)

Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and
MS-LSAD protocols. A remote attacker could use this flaw with a
man-in-the-middle attack to impersonate users and obtain sensitive
information from the Security Account Manager database. This flaw is known
as Badlock. (CVE-2016-2118)

Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.
Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes. Configuration changes may
be required in certain environments.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
  • samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
  • samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1578576

USN-2984-1: PHP vulnerabilities

Ubuntu Security Notice USN-2984-1

24th May, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5
    – HTML-embedded scripting language interpreter

  • php7.0
    – HTML-embedded scripting language interpreter

Details

It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly
handled certain malformed Zip archives. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the
SplDoublyLinkedList class. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled
large strings. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP php_snmp_error() function incorrectly
handled string formatting. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain
filenames in archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled
string formatting. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain
archive files. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled
memory. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain
malformed XML data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled
negative offsets. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2016-4540,
CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags.
A remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2016-4542, CVE-2016-4543,
CVE-2016-4544)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • php7.0-fpm 7.0.4-7ubuntu2.1
  • libapache2-mod-php7.0 7.0.4-7ubuntu2.1
  • php7.0-cli 7.0.4-7ubuntu2.1
  • php7.0-cgi 7.0.4-7ubuntu2.1
Ubuntu 15.10:
  • php5-cli 5.6.11+dfsg-1ubuntu3.4
  • php5-cgi 5.6.11+dfsg-1ubuntu3.4
  • libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4
  • php5-fpm 5.6.11+dfsg-1ubuntu3.4
Ubuntu 14.04 LTS:
  • php5-cli 5.5.9+dfsg-1ubuntu4.17
  • php5-cgi 5.5.9+dfsg-1ubuntu4.17
  • libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17
  • php5-fpm 5.5.9+dfsg-1ubuntu4.17
Ubuntu 12.04 LTS:
  • php5-cli 5.3.10-1ubuntu3.23
  • php5-cgi 5.3.10-1ubuntu3.23
  • libapache2-mod-php5 5.3.10-1ubuntu3.23
  • php5-fpm 5.3.10-1ubuntu3.23

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-8865, CVE-2016-3078, CVE-2016-3132, CVE-2016-4070, CVE-2016-4071,
CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537,
CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542,
CVE-2016-4543, CVE-2016-4544

USN-2973-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-2973-1

18th May, 2016

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple
memory safety issues in Thunderbird. If a user were tricked into opening
a specially crafted message, an attacker could potentially exploit these
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-2805, CVE-2016-2807)

Hanno Böck discovered that calculations with mp_div and mp_exptmod in NSS
produce incorrect results in some circumstances, resulting in
cryptographic weaknesses. (CVE-2016-1938)

A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in
NSS. A remote attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-1978)

A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey
in NSS. A remote attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-1979)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • thunderbird 1:38.8.0+build1-0ubuntu0.16.04.1
Ubuntu 15.10:
  • thunderbird 1:38.8.0+build1-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  • thunderbird 1:38.8.0+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  • thunderbird 1:38.8.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2016-1938, CVE-2016-1978, CVE-2016-1979, CVE-2016-2805, CVE-2016-2807

USN-2960-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2960-1

18th May, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine for Qt (QML plugin)

Details

An out-of-bounds write was discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code. (CVE-2016-1660)

It was discovered that Blink assumes that a frame which passes same-origin
checks is local in some cases. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via renderer crash, or execute arbitrary code.
(CVE-2016-1661)

A use-after-free was discovered in the V8 bindings in Blink. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash,
or execute arbitrary code. (CVE-2016-1663)

It was discovered that the JSGenericLowering class in V8 mishandles
comparison operators. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-1665)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code.
(CVE-2016-1666)

It was discovered that the TreeScope::adoptIfNeeded function in Blink
does not prevent script execution during node-adoption operations. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1667)

It was discovered that the forEachForBinding in the V8 bindings in Blink
uses an improper creation context. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
bypass same-origin restrictions. (CVE-2016-1668)

A buffer overflow was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code. (CVE-2016-1669)

A race condition was discovered in ResourceDispatcherHostImpl in Chromium.
An attacker could potentially exploit this to make arbitrary HTTP
requests. (CVE-2016-1670)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • liboxideqtcore0 1.14.9-0ubuntu0.16.04.1
Ubuntu 15.10:
  • liboxideqtcore0 1.14.9-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  • liboxideqtcore0 1.14.9-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1660, CVE-2016-1661, CVE-2016-1663, CVE-2016-1665, CVE-2016-1666,
CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670