CVE-2014-7904)Multiple use-after-frees were discovered in Blink. If a user were trickedin to opening a specially crafted website, an attacked could potentiallyexploit these to cause a denial of service via renderer crash or executearbitrary code with the privileges of the sandboxed render process.(CVE-2014-7907)An integer overflow was discovered in media. If a user were tricked in toopening a specially crafted website, an attacked could potentially exploitthis to cause a denial of service via renderer crash or execute arbitrarycode with the privileges of the sandboxed render process. (CVE-2014-7908)An uninitialized memory read was discovered in Skia. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to cause a denial of service via renderer crash.(CVE-2014-7909)Multiple security issues were discovered in Chromium. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to read uninitialized memory, cause a denial ofservice via application crash or execute arbitrary code with theprivileges of the user invoking the program. (CVE-2014-7910)"> OVAL Reference oval:org.mitre.oval:def:27637 - CERT Civis.Net
Oval Definition:oval:org.mitre.oval:def:27637
Revision Date:2015-03-09Version:5
Title:USN-2410-1 -- Oxide vulnerabilities
Description:A buffer overflow was discovered in Skia. If a user were tricked in toopening a specially crafted website, an attacked could potentially exploitthis to cause a denial of service via renderer crash or execute arbitrarycode with the privileges of the sandboxed render process. (CVE-2014-7904)Multiple use-after-frees were discovered in Blink. If a user were trickedin to opening a specially crafted website, an attacked could potentiallyexploit these to cause a denial of service via renderer crash or executearbitrary code with the privileges of the sandboxed render process.(CVE-2014-7907)An integer overflow was discovered in media. If a user were tricked in toopening a specially crafted website, an attacked could potentially exploitthis to cause a denial of service via renderer crash or execute arbitrarycode with the privileges of the sandboxed render process. (CVE-2014-7908)An uninitialized memory read was discovered in Skia. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to cause a denial of service via renderer crash.(CVE-2014-7909)Multiple security issues were discovered in Chromium. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to read uninitialized memory, cause a denial ofservice via application crash or execute arbitrary code with theprivileges of the user invoking the program. (CVE-2014-7910)
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2014-7904
CVE-2014-7907
CVE-2014-7908
CVE-2014-7909
CVE-2014-7910
USN-2410-1
Platform(s):Ubuntu 14.04
Ubuntu 14.10
Product(s):oxide-qt
Definition Synopsis
  • Ubuntu 14.10 release section
  • Ubuntu 14.10 is installed
  • AND Packages match section
  • liboxideqtcore0 is earlier than 0:1.3.4-0ubuntu0.14.10.1
  • OR oxideqt-codecs is earlier than 0:1.3.4-0ubuntu0.14.10.1
  • OR oxideqt-codecs-extra is earlier than 0:1.3.4-0ubuntu0.14.10.1
  • Ubuntu 14.04 release section
  • Ubuntu 14.04 is installed
  • AND Packages match section
  • liboxideqtcore0 is earlier than 0:1.3.4-0ubuntu0.14.04.1
  • OR oxideqt-codecs is earlier than 0:1.3.4-0ubuntu0.14.04.1
  • OR oxideqt-codecs-extra is earlier than 0:1.3.4-0ubuntu0.14.04.1
    • BACK