UBUNTU-CVE-2016-1617

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-1617

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1617.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-1617

Upstream

CVE-2016-1617

Downstream

USN-2877-1

Related

USN-2877-1

Published

2016-01-22T00:00:00Z

Modified

2026-01-30T02:19:28.679104Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

References

Affected packages

Ubuntu:14.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@48.0.2564.82-0ubuntu0.14.04.1.1108?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

48.0.2564.82-0ubuntu0.14.04.1.1108

Affected versions

29.*

29.0.1547.65-0ubuntu2

31.*

31.0.1650.63-0ubuntu1~20131204.1

32.*

32.0.1700.107-0ubuntu1~20140204.977.1

33.*

33.0.1750.152-0ubuntu1~pkg995.1

34.*

34.0.1847.116-0ubuntu2

36.*

36.0.1985.125-0ubuntu1.14.04.0~pkg1029

37.*

37.0.2062.94-0ubuntu0.14.04.1~pkg1042

37.0.2062.120-0ubuntu0.14.04.1~pkg1049

38.*

38.0.2125.111-0ubuntu0.14.04.1.1061

39.*

39.0.2171.65-0ubuntu0.14.04.1.1064

40.*

40.0.2214.94-0ubuntu0.14.04.1.1068

40.0.2214.111-0ubuntu0.14.04.1.1069

41.*

41.0.2272.76-0ubuntu0.14.04.1.1076

43.*

43.0.2357.81-0ubuntu0.14.04.1.1089

43.0.2357.130-0ubuntu0.14.04.1.1092

44.*

44.0.2403.89-0ubuntu0.14.04.1.1095

45.*

45.0.2454.85-0ubuntu0.14.04.1.1097

45.0.2454.101-0ubuntu0.14.04.1.1099

47.*

47.0.2526.73-0ubuntu0.14.04.1.1106

47.0.2526.106-0ubuntu0.14.04.1.1107

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "48.0.2564.82-0ubuntu0.14.04.1.1108",
            "binary_name": "chromium-browser"
        },
        {
            "binary_version": "48.0.2564.82-0ubuntu0.14.04.1.1108",
            "binary_name": "chromium-browser-l10n"
        },
        {
            "binary_version": "48.0.2564.82-0ubuntu0.14.04.1.1108",
            "binary_name": "chromium-chromedriver"
        },
        {
            "binary_version": "48.0.2564.82-0ubuntu0.14.04.1.1108",
            "binary_name": "chromium-codecs-ffmpeg"
        },
        {
            "binary_version": "48.0.2564.82-0ubuntu0.14.04.1.1108",
            "binary_name": "chromium-codecs-ffmpeg-extra"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1617.json"

Ubuntu:14.04:LTS / oxide-qt

Package

Name: oxide-qt
Purl: pkg:deb/ubuntu/oxide-qt@1.12.5-0ubuntu0.14.04.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.5-0ubuntu0.14.04.1

Affected versions

1.*

1.0.0~bzr437-0ubuntu1

1.0.0~bzr452-0ubuntu1

1.0.0~bzr475-0ubuntu1

1.0.0~bzr490-0ubuntu1

1.0.0~bzr501-0ubuntu1

1.0.0~bzr501-0ubuntu2

1.0.4-0ubuntu0.14.04.1

1.0.5-0ubuntu0.14.04.1

1.1.2-0ubuntu0.14.04.1

1.2.5-0ubuntu0.14.04.1

1.3.4-0ubuntu0.14.04.1

1.4.2-0ubuntu0.14.04.1

1.4.3-0ubuntu0.14.04.1

1.5.5-0ubuntu0.14.04.3

1.5.6-0ubuntu0.14.04.2

1.6.5-0ubuntu0.14.04.1

1.6.6-0ubuntu0.14.04.1

1.7.8-0ubuntu0.14.04.1

1.7.9-0ubuntu0.14.04.1

1.8.4-0ubuntu0.14.04.2

1.9.1-0ubuntu0.14.04.2

1.9.5-0ubuntu0.14.04.1

1.10.3-0ubuntu0.14.04.1

1.11.3-0ubuntu0.14.04.1

1.11.4-0ubuntu0.14.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "liboxideqt-qmlplugin"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "liboxideqtcore0"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "liboxideqtquick0"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "oxideqmlscene"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "oxideqt-chromedriver"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "oxideqt-codecs"
        },
        {
            "binary_version": "1.12.5-0ubuntu0.14.04.1",
            "binary_name": "oxideqt-codecs-extra"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1617.json"