Executive Summary
| Summary | |
|---|---|
| Title | Oxide vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-2326-1 | First vendor Publication | 2014-09-02 |
| Vendor | Ubuntu | Last vendor Modification | 2014-09-02 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine library for Qt (QML plugin) Details: A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3168) A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3169) A use-after-free was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3171) It was discovered that WebGL clear calls did not interact properly with the state of a draw buffer. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-3173) A threading issue was discovered in the Web Audio API during attempts to update biquad filter coefficients. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-3174) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3175) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-2326-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:26033 | |||
| Oval ID: | oval:org.mitre.oval:def:26033 | ||
| Title: | The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer | ||
| Description: | The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3173 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26543 | |||
| Oval ID: | oval:org.mitre.oval:def:26543 | ||
| Title: | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94 | ||
| Description: | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3169 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26585 | |||
| Oval ID: | oval:org.mitre.oval:def:26585 | ||
| Title: | modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients | ||
| Description: | modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3174 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26639 | |||
| Oval ID: | oval:org.mitre.oval:def:26639 | ||
| Title: | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors | ||
| Description: | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3175 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26672 | |||
| Oval ID: | oval:org.mitre.oval:def:26672 | ||
| Title: | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94 | ||
| Description: | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3168 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26678 | |||
| Oval ID: | oval:org.mitre.oval:def:26678 | ||
| Title: | USN-2326-1 -- oxide-qt vulnerabilities | ||
| Description: | Several security issues were fixed in Oxide. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2326-1 CVE-2014-3168 CVE-2014-3169 CVE-2014-3171 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 | Product(s): | oxide-qt |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26727 | |||
| Oval ID: | oval:org.mitre.oval:def:26727 | ||
| Title: | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94 | ||
| Description: | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3171 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3039.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-550.nasl - Type : ACT_GATHER_INFO |
| 2014-09-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2326-1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-16.nasl - Type : ACT_GATHER_INFO |
| 2014-08-27 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_fd5f305d2d3d11e4aa3d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2014-08-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_37_0_2062_94.nasl - Type : ACT_GATHER_INFO |
| 2014-08-27 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_37_0_2062_94.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-09-04 13:24:43 |
|
| 2014-09-03 00:21:35 |
|
