Executive Summary
Summary | |
---|---|
Title | Oxide vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-2320-1 | First vendor Publication | 2014-08-20 |
Vendor | Ubuntu | Last vendor Modification | 2014-08-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary: Several security issues were fixed in Oxide.

Software Description:

- oxide-qt: Web browser engine library for Qt (QML plugin)

Details:

A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-3165)

An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. (CVE-2014-3166)

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3167)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:

In general, a standard system update will make all the necessary changes.

References:

Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2320-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:25510 | |||
Oval ID: | oval:org.mitre.oval:def:25510 | ||
Title: | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143 | ||
Description: | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-3165 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:25970 | |||
Oval ID: | oval:org.mitre.oval:def:25970 | ||
Title: | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors | ||
Description: | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-3167 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:26311 | |||
Oval ID: | oval:org.mitre.oval:def:26311 | ||
Title: | The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows does not correctly consider the properties of SPDY connections | ||
Description: | The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-3166 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:26624 | |||
Oval ID: | oval:org.mitre.oval:def:26624 | ||
Title: | USN-2320-1 -- oxide-qt vulnerabilities | ||
Description: | Several security issues were fixed in Oxide. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2320-1 CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | oxide-qt |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3039.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-16.nasl - Type : ACT_GATHER_INFO |
2014-08-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2320-1.nasl - Type : ACT_GATHER_INFO |
2014-08-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_df7754c0229411e4b505000c6e25e3e9.nasl - Type : ACT_GATHER_INFO |
2014-08-13 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_36_0_1985_143.nasl - Type : ACT_GATHER_INFO |
2014-08-13 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_36_0_1985_143.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-08-22 13:26:52 |
|
2014-08-21 00:27:00 |
|