SB2017112947 - Fedora 26 update for qt5-qtwebengine
Published: November 29, 2017 Updated: April 24, 2025
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Universal XSS (CVE-ID: CVE-2017-5124)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the link modal due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary MHTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Use-after-free error (CVE-ID: CVE-2017-5126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Use-after-free error (CVE-ID: CVE-2017-5127)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Heap-based buffer overflow (CVE-ID: CVE-2017-5128)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to heap-based buffer overflow in WebGL. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Use-after-free error (CVE-ID: CVE-2017-5129)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to use-after-free error in WebAudio. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Memory corruption (CVE-ID: CVE-2017-5132)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to incorrect stack manipulation in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Out-of-bounds write (CVE-ID: CVE-2017-5133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds error and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
8) Spoofing attack (CVE-ID: CVE-2017-15386)
The disclosed vulnerability allows a remote attacker to conduct spoofing attacks.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and spoof the UI.
9) Spoofing attack (CVE-ID: CVE-2017-15387)
The disclosed vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and bypass content security restrictions.
10) Out-of-bounds read (CVE-ID: CVE-2017-15388)
The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read in Skia. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.
11) Spoofing attack (CVE-ID: CVE-2017-15390)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
12) Security restrictions bypass (CVE-ID: CVE-2017-15392)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to incorrect registry key handling in PlatformIntegration. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.
13) Spoofing attack (CVE-ID: CVE-2017-15394)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to URL spoofing in extensions UI. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
14) Stack-based buffer overflow (CVE-ID: CVE-2017-15396)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to stack-based buffer overflow in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the system to crash.
15) Stack-based buffer overflow (CVE-ID: CVE-2017-15398)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to stack-based buffer overflow in QUIC. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.