Please enable Javascript in your browser to view this page properly!

    Es sind keine aktuell gesichteten CVEs verfügbar
    Sie können hier für Sie wichtige CVEs anheften, um sie später schneller wiederfinden zu können.

Wednesday, 11.02.2015

Ubuntu Security Notice USN-2495-1

 
Ubuntu Linux Logo

Fixed vulnerabilities:


  • CVE-2015-1209 (VulnLIB link)
A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process.
    • 

  • CVE-2015-1210 (VulnLIB link)
It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions.
    • 

  • CVE-2015-1211 (VulnLIB link)
It was discovered that Chromium did not properly restrict the URI scheme during ServiceWorker registration. If a user were tricked in to downloading and opening a specially crafted HTML file, an attacker could potentially exploit this to bypass security restrictions.
    • 

  • CVE-2015-1212 (VulnLIB link)
Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program.
    • 



Affected releases:


  • Ubuntu 14.10
  • Ubuntu 14.04 LTS


Software description:


  • oxide-qt - Web browser engine library for Qt (QML plugin) 


Solution:


  • Check VulnLIB for fixes for CVEs listed above and the source.


Source:
Geposted von Ali Elci


Ali Elci is an IT security specialist with more than 16 years of experience consulting for government and industry, an advocate for transparency and standardization in security reporting, and the founder of Ciproc GmbH.

VulnLIB Enterprise Auditor ist ein leistungsfähiges, innovatives Tool, welches eine umfassende, tagesaktuelle Kontrolle über fehlende Sicherheitsupdates einer kompletten IT-Infrastruktur bereitstellen kann; gleichzeitig liefert es spezifische Empfehlungen für Patches und Upgrades der Softwarehersteller.

mehr

© 2014 Ciproc GmbH

Danke sehr!