ID CVE-2015-1332 Type cve Reporter cve@mitre.org Modified 2017-08-10T13:52:00
Description
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
{"ubuntu": [{"lastseen": "2020-07-02T11:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1301", "CVE-2015-1291", "CVE-2015-1332", "CVE-2015-1300", "CVE-2015-1293", "CVE-2015-1294", "CVE-2015-1292", "CVE-2015-1299"], "description": "It was discovered that the DOM tree could be corrupted during parsing in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to bypass \nsame-origin restrictions or cause a denial of service. (CVE-2015-1291)\n\nAn issue was discovered in NavigatorServiceWorker::serviceWorker in Blink. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to bypass same-origin \nrestrictions. (CVE-2015-1292)\n\nAn issue was discovered in the DOM implementation in Blink. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to bypass same-origin restrictions. \n(CVE-2015-1293)\n\nA use-after-free was discovered in Skia. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash, or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2015-1294)\n\nA use-after-free was discovered in the shared-timer implementation in \nBlink. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit this to cause a denial of service \nvia renderer crash, or execute arbitrary code with the privileges of the \nsandboxed render process. (CVE-2015-1299)\n\nIt was discovered that the availability of iframe Resource Timing API \ntimes was not properly restricted in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to obtain sensitive information. (CVE-2015-1300)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1301)\n\nA heap corruption issue was discovered in oxide::JavaScriptDialogManager. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking the program. (CVE-2015-1332)", "edition": 5, "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "id": "USN-2735-1", "href": "https://ubuntu.com/security/notices/USN-2735-1", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1301", "CVE-2015-1291", "CVE-2015-1332", "CVE-2015-1300", "CVE-2015-1293", "CVE-2015-1294", "CVE-2015-1292", "CVE-2015-1299"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-09-09T00:00:00", "id": "OPENVAS:1361412562310842433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842433", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-2735-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2735-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842433\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-09 06:28:07 +0200 (Wed, 09 Sep 2015)\");\n script_cve_id(\"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\",\n \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1301\", \"CVE-2015-1332\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-2735-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the DOM tree could be\ncorrupted during parsing in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit this to\nbypass same-origin restrictions or cause a denial of service. (CVE-2015-1291)\n\nAn issue was discovered in NavigatorServiceWorker::serviceWorker in Blink.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to bypass same-origin\nrestrictions. (CVE-2015-1292)\n\nAn issue was discovered in the DOM implementation in Blink. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1293)\n\nA use-after-free was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash, or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2015-1294)\n\nA use-after-free was discovered in the shared-timer implementation in\nBlink. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia renderer crash, or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-1299)\n\nIt was discovered that the availability of iframe Resource Timing API\ntimes was not properly restricted in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2015-1300)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1301)\n\nA heap corruption issue was discovered in oxide::JavaScriptDialogManager.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2015-1332)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2735-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2735-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.9.1-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.9.1-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T15:29:03", "description": "It was discovered that the DOM tree could be corrupted during parsing\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto bypass same-origin restrictions or cause a denial of service.\n(CVE-2015-1291)\n\nAn issue was discovered in NavigatorServiceWorker::serviceWorker in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to bypass\nsame-origin restrictions. (CVE-2015-1292)\n\nAn issue was discovered in the DOM implementation in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1293)\n\nA use-after-free was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2015-1294)\n\nA use-after-free was discovered in the shared-timer implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash, or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1299)\n\nIt was discovered that the availability of iframe Resource Timing API\ntimes was not properly restricted in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-1300)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1301)\n\nA heap corruption issue was discovered in\noxide::JavaScriptDialogManager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1332).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2015-09-09T00:00:00", "title": "Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2735-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1301", "CVE-2015-1291", "CVE-2015-1332", "CVE-2015-1300", "CVE-2015-1293", "CVE-2015-1294", "CVE-2015-1292", "CVE-2015-1299"], "modified": "2015-09-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2735-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2735-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85872);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1301\", \"CVE-2015-1332\");\n script_xref(name:\"USN\", value:\"2735-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2735-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the DOM tree could be corrupted during parsing\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto bypass same-origin restrictions or cause a denial of service.\n(CVE-2015-1291)\n\nAn issue was discovered in NavigatorServiceWorker::serviceWorker in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to bypass\nsame-origin restrictions. (CVE-2015-1292)\n\nAn issue was discovered in the DOM implementation in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same-origin restrictions.\n(CVE-2015-1293)\n\nA use-after-free was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2015-1294)\n\nA use-after-free was discovered in the shared-timer implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash, or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1299)\n\nIt was discovered that the availability of iframe Resource Timing API\ntimes was not properly restricted in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-1300)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1301)\n\nA heap corruption issue was discovered in\noxide::JavaScriptDialogManager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1332).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2735-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.9.1-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.9.1-0ubuntu0.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-1301", "CVE-2015-1291", "CVE-2015-1332", "CVE-2015-1300", "CVE-2015-1293", "CVE-2015-1294", "CVE-2015-1292", "CVE-2015-1299"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2735-1\r\nSeptember 08, 2015\r\n\r\noxide-qt vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Oxide.\r\n\r\nSoftware Description:\r\n- oxide-qt: Web browser engine library for Qt (QML plugin)\r\n\r\nDetails:\r\n\r\nIt was discovered that the DOM tree could be corrupted during parsing in\r\nsome circumstances. If a user were tricked in to opening a specially\r\ncrafted website, an attacker could potentially exploit this to bypass\r\nsame-origin restrictions or cause a denial of service. (CVE-2015-1291)\r\n\r\nAn issue was discovered in NavigatorServiceWorker::serviceWorker in Blink.\r\nIf a user were tricked in to opening a specially crafted website, an\r\nattacker could potentially exploit this to bypass same-origin\r\nrestrictions. (CVE-2015-1292)\r\n\r\nAn issue was discovered in the DOM implementation in Blink. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to bypass same-origin restrictions.\r\n(CVE-2015-1293)\r\n\r\nA use-after-free was discovered in Skia. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash, or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2015-1294)\r\n\r\nA use-after-free was discovered in the shared-timer implementation in\r\nBlink. If a user were tricked in to opening a specially crafted website,\r\nan attacker could potentially exploit this to cause a denial of service\r\nvia renderer crash, or execute arbitrary code with the privileges of the\r\nsandboxed render process. (CVE-2015-1299)\r\n\r\nIt was discovered that the availability of iframe Resource Timing API\r\ntimes was not properly restricted in some circumstances. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to obtain sensitive information. (CVE-2015-1300)\r\n\r\nMultiple security issues were discovered in Chromium. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to read uninitialized memory, cause a denial\r\nof service via application crash or execute arbitrary code with the\r\nprivileges of the user invoking the program. (CVE-2015-1301)\r\n\r\nA heap corruption issue was discovered in oxide::JavaScriptDialogManager.\r\nIf a user were tricked in to opening a specially crafted website, an\r\nattacker could potentially exploit this to cause a denial of service via\r\napplication crash, or execute arbitrary code with the privileges of the\r\nuser invoking the program. (CVE-2015-1332)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n liboxideqtcore0 1.9.1-0ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n liboxideqtcore0 1.9.1-0ubuntu0.14.04.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2735-1\r\n CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294,\r\n CVE-2015-1299, CVE-2015-1300, CVE-2015-1301, CVE-2015-1332,\r\n https://launchpad.net/bugs/1470905\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.14.04.2\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-09-14T00:00:00", "published": "2015-09-14T00:00:00", "id": "SECURITYVULNS:DOC:32500", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32500", "title": "[USN-2735-1] Oxide vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
