Bug 1527759 (CVE-2017-7156)

Summary: CVE-2017-7156 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erik-fedora, extras-orphan, gnome-sig, kevin, klember, mcatanzaro+wrong-account-do-not-cc, peter, tpopela, tuxator, walter.pete
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: webkitgtk 2.18.4 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-16 05:02:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1527748, 1527749, 1527750, 1527751, 1527752, 1546014    
Bug Blocks: 1527762    

Description Sam Fowler 2017-12-20 03:42:30 UTC 
Processing maliciously crafted web content in WebKitGTK+ before version 2.18.4 may lead to arbitrary code execution. Technical details are currently unknown.

References:
https://webkitgtk.org/security/WSA-2017-0010.html
https://vuldb.com/?id.110748
Comment 1 Sam Fowler 2017-12-21 06:33:29 UTC 
Created mingw-webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 1527750]


Created mingw-webkitgtk3 tracking bugs for this issue:

Affects: fedora-all [bug 1527752]


Created webkitgtk tracking bugs for this issue:

Affects: epel-all [bug 1527748]
Affects: fedora-all [bug 1527751]


Created webkitgtk4 tracking bugs for this issue:

Affects: fedora-all [bug 1527749]