@philicious
Created August 14, 2015 10:18
<opt><USN-2677-1 description="Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
An uninitialized value issue was discovered in ICU. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service. (CVE-2015-1270)
A use-after-free was discovered in the GPU process implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1272)
A use-after-free was discovered in the IndexedDB implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1276)
A use-after-free was discovered in the accessibility implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1277)
A memory corruption issue was discovered in Skia. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2015-1280)
It was discovered that Blink did not properly determine the V8 context of
a microtask in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass Content Security Policy (CSP) restrictions. (CVE-2015-1281)
Multiple integer overflows were discovered in Expat. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
the program. (CVE-2015-1283)
It was discovered that Blink did not enforce a page&apos;s maximum number of
frames in some circumstances, resulting in a use-after-free. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash,
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2015-1284)
It was discovered that the XSS auditor in Blink did not properly choose a
truncation point. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-1285)
An issue was discovered in the CSS implementation in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1287)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1289)
A use-after-free was discovered in oxide::qt::URLRequestDelegatedJob in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking the program. (CVE-2015-1329)
A crash was discovered in the regular expression implementation in V8 in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service. (CVE-2015-5605)" errataFrom="chris.coulson at canonical.com (Chris Coulson)" issue_date="Tue, 4 Aug 2015 17:55:55 +0100" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2677-1
CVE-2015-1270, CVE-2015-1272, CVE-2015-1276, CVE-2015-1277,
CVE-2015-1280, CVE-2015-1281, CVE-2015-1283, CVE-2015-1284,
CVE-2015-1285, CVE-2015-1287, CVE-2015-1289, CVE-2015-1329,
CVE-2015-5605, https://launchpad.net/bugs/1466208" release="1" solution="N/A" synopsis="Oxide vulnerabilities" topic="N/A" type="Security Advisory"><packages>liboxideqtcore0-1.8.4-0ubuntu0.14.04.2.amd64-deb.deb</packages><cves>CVE-2015-1270</cves><cves>CVE-2015-1272</cves><cves>CVE-2015-1276</cves><cves>CVE-2015-1277</cves><cves>CVE-2015-1280</cves><cves>CVE-2015-1281</cves><cves>CVE-2015-1283</cves><cves>CVE-2015-1284</cves><cves>CVE-2015-1285</cves><cves>CVE-2015-1287</cves><cves>CVE-2015-1289</cves><cves>CVE-2015-1329</cves><cves>CVE-2015-5605</cves></USN-2677-1><USN-2703-1 description="Cinder could be made to access unintended files over the network by an
authenticated user.
Software Description:
- cinder: OpenStack storage service
Details:
Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host." errataFrom="seth.arnold at canonical.com (Seth Arnold)" issue_date="Wed, 5 Aug 2015 19:50:42 -0700" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2703-1
CVE-2015-1851" release="1" solution="N/A" synopsis="Cinder vulnerability" topic="N/A" type="Security Advisory"><cves>CVE-2015-1851</cves></USN-2703-1><USN-2705-1 description="Keystone could be made to expose sensitive information over the
network.
Software Description:
- python-keystoneclient: Client library for OpenStack Identity API
- python-keystonemiddleware: Client library for OpenStack Identity API
Details:
Qin Zhao discovered Keystone disabled certification verification when
the &quot;insecure&quot; option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
man-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)
Brant Knudson discovered Keystone disabled certification verification when
the &quot;insecure&quot; option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
man-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)" errataFrom="seth.arnold at canonical.com (Seth Arnold)" issue_date="Wed, 5 Aug 2015 21:11:30 -0700" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2705-1
CVE-2014-7144, CVE-2015-1852" release="1" solution="N/A" synopsis="Keystone vulnerabilities" topic="N/A" type="Security Advisory"><packages>python-keystoneclient-1:0.7.1-ubuntu1.2.amd64-deb.deb</packages><cves>CVE-2014-7144</cves><cves>CVE-2015-1852</cves></USN-2705-1><USN-2704-1 description="Several security issues were fixed in Swift.
Software Description:
- swift: OpenStack distributed virtual object store
Details:
Rajaneesh Singh discovered Swift does not properly enforce metadata
limits. An attacker could abuse this issue to store more metadata than
allowed by policy. (CVE-2014-7960)
Clay Gerrard discovered Swift allowed users to delete the latest version
of object regardless of object permissions when allow_version is
configured. An attacker could use this issue to delete objects.
(CVE-2015-1856)" errataFrom="seth.arnold at canonical.com (Seth Arnold)" issue_date="Wed, 5 Aug 2015 20:24:32 -0700" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2704-1
CVE-2014-7960, CVE-2015-1856" release="1" solution="N/A" synopsis="Swift vulnerabilities" topic="N/A" type="Security Advisory"><packages>swift-1.13.1-0ubuntu1.2.amd64-deb.deb</packages><packages>swift-1.4.8-0ubuntu2.5.amd64-deb.deb</packages><cves>CVE-2014-7960</cves><cves>CVE-2015-1856</cves></USN-2704-1><USN-2706-1 description="Several security issues were fixed in OpenJDK 6.
Software Description:
- openjdk-6: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,
CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)
Several vulnerabilities were discovered in the cryptographic components
of the OpenJDK JRE. An attacker could exploit these to expose sensitive
data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000,
CVE-2015-2625, CVE-2015-2613)
As a security improvement, this update modifies OpenJDK behavior to
disable RC4 TLS/SSL cipher suites by default.
As a security improvement, this update modifies OpenJDK behavior to
reject DH key sizes below 768 bits by default, preventing a possible
downgrade attack.
Several vulnerabilities were discovered in the OpenJDK JRE related
to information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2015-2621, CVE-2015-2632)
A vulnerability was discovered with how the JNDI component of the
OpenJDK JRE handles DNS resolutions. A remote attacker could exploit
this to cause a denial of service. (CVE-2015-4749)" errataFrom="steve.beattie at canonical.com (Steve Beattie)" issue_date="Thu, 6 Aug 2015 12:45:10 -0700" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2706-1
CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625,
CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000,
CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748,
CVE-2015-4749, CVE-2015-4760" release="1" solution="N/A" synopsis="OpenJDK 6 vulnerabilities" topic="N/A" type="Security Advisory"><packages>icedtea-6-jre-cacao-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>icedtea-6-jre-jamvm-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-jdk-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-jre-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-jre-headless-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-jre-lib-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-jre-zero-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><packages>openjdk-6-source-6b36-1.13.8-0ubuntu1~12.04.amd64-deb.deb</packages><cves>CVE-2015-2590</cves><cves>CVE-2015-2601</cves><cves>CVE-2015-2621</cves><cves>CVE-2015-2625</cves><cves>CVE-2015-2628</cves><cves>CVE-2015-2632</cves><cves>CVE-2015-2808</cves><cves>CVE-2015-4000</cves><cves>CVE-2015-4731</cves><cves>CVE-2015-4732</cves><cves>CVE-2015-4733</cves><cves>CVE-2015-4748</cves><cves>CVE-2015-4749</cves><cves>CVE-2015-4760</cves></USN-2706-1><USN-2707-1 description="Firefox could be made to expose sensitive information from local files.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Cody Crews discovered a way to violate the same-origin policy to inject
script in to a non-privileged part of the PDF viewer. If a user were
tricked in to opening a specially crafted website, an attacker could
exploit this to read sensitive information from local files.
(CVE-2015-4495)" errataFrom="chris.coulson at canonical.com (Chris Coulson)" issue_date="Fri, 7 Aug 2015 09:55:15 +0100" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2707-1
CVE-2015-4495" release="1" solution="N/A" synopsis="Firefox vulnerability" topic="N/A" type="Security Advisory"><packages>firefox-39.0.3+build2-0ubuntu0.14.04.1.amd64-deb.deb</packages><packages>firefox-39.0.3+build2-0ubuntu0.12.04.1.amd64-deb.deb</packages><cves>CVE-2015-4495</cves></USN-2707-1><USN-2702-1 description="Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4475)
A use-after-free was discovered during MediaStream playback in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-4477)
André Bargull discovered that non-configurable properties on javascript
objects could be redefined when parsing JSON. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions. (CVE-2015-4478)
Multiple integer overflows were discovered in libstagefright. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)
Jukka Jylänki discovered a crash that occurs because javascript does not
properly gate access to Atomics or SharedArrayBuffers in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-4484)
Abhishek Arya discovered 2 buffer overflows in libvpx when decoding
malformed WebM content in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4485, CVE-2015-4486)
Ronald Crane reported 3 security issues. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)
Christoph Kerschbaumer discovered an issue with Mozilla&apos;s implementation
of Content Security Policy (CSP), which could allow for a more permissive
usage in some circumstances. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)
Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4491)
Looben Yang discovered a use-after-free when using XMLHttpRequest with
shared workers in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4492)" errataFrom="chris.coulson at canonical.com (Chris Coulson)" issue_date="Tue, 11 Aug 2015 19:37:59 +0100" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2702-1
CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477,
CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484,
CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488,
CVE-2015-4489, CVE-2015-4490, CVE-2015-4491, CVE-2015-4492,
CVE-2015-4493" release="1" solution="N/A" synopsis="Firefox vulnerabilities" topic="N/A" type="Security Advisory"><packages>firefox-40.0+build4-0ubuntu0.14.04.1.amd64-deb.deb</packages><packages>firefox-40.0+build4-0ubuntu0.12.04.1.amd64-deb.deb</packages><cves>CVE-2015-4473</cves><cves>CVE-2015-4474</cves><cves>CVE-2015-4475</cves><cves>CVE-2015-4477</cves><cves>CVE-2015-4478</cves><cves>CVE-2015-4479</cves><cves>CVE-2015-4480</cves><cves>CVE-2015-4484</cves><cves>CVE-2015-4485</cves><cves>CVE-2015-4486</cves><cves>CVE-2015-4487</cves><cves>CVE-2015-4488</cves><cves>CVE-2015-4489</cves><cves>CVE-2015-4490</cves><cves>CVE-2015-4491</cves><cves>CVE-2015-4492</cves><cves>CVE-2015-4493</cves></USN-2702-1><USN-2702-2 description="This update provides compatible packages for Firefox 40.
Software Description:
- ubufox: Ubuntu modifications for Firefox
Details:
USN-2702-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubufox.
Original advisory details:
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4475)
A use-after-free was discovered during MediaStream playback in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-4477)
André Bargull discovered that non-configurable properties on javascript
objects could be redefined when parsing JSON. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions. (CVE-2015-4478)
Multiple integer overflows were discovered in libstagefright. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)
Jukka Jylänki discovered a crash that occurs because javascript does not
properly gate access to Atomics or SharedArrayBuffers in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-4484)
Abhishek Arya discovered 2 buffer overflows in libvpx when decoding
malformed WebM content in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4485, CVE-2015-4486)
Ronald Crane reported 3 security issues. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)
Christoph Kerschbaumer discovered an issue with Mozilla&apos;s implementation
of Content Security Policy (CSP), which could allow for a more permissive
usage in some circumstances. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)
Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4491)
Looben Yang discovered a use-after-free when using XMLHttpRequest with
shared workers in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4492)" errataFrom="chris.coulson at canonical.com (Chris Coulson)" issue_date="Tue, 11 Aug 2015 19:50:09 +0100" notes="N/A" product="Ubuntu Linux" references="http://www.ubuntu.com/usn/usn-2702-2
http://www.ubuntu.com/usn/usn-2702-1
https://launchpad.net/bugs/1483858" release="1" solution="N/A" synopsis="Ubufox update" topic="N/A" type="Security Advisory"><packages>xul-ext-ubufox-3.1-0ubuntu0.14.04.1.amd64-deb.deb</packages><packages>xul-ext-ubufox-3.1-0ubuntu0.12.04.1.amd64-deb.deb</packages></USN-2702-2></opt>