Release: WSA-2024-0008

aperezdc · aperezdc · commit 33e57835e153 · 2024-12-22T21:20:16.000+02:00
diff --git a/security/2024-12-22-security-advisory-2024-0008.md b/security/2024-12-22-security-advisory-2024-0008.md
@@ -0,0 +1,59 @@
+---
+layout: post
+title: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008
+permalink: /security/WSA-2024-0008.html
+tags: WSA
+---
+
+* Date Reported: **December 22, 2024**
+
+* Advisory ID: **WSA-2024-0008**
+
+* CVE identifiers: [CVE-2024-54479](#CVE-2024-54479), [CVE-2024-54502](#CVE-2024-54502), [CVE-2024-54505](#CVE-2024-54505), [CVE-2024-54508](#CVE-2024-54508), [CVE-2024-54534](#CVE-2024-54534)
+
+
+Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
+
+* <a name='CVE-2024-54479' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54479'>CVE-2024-54479</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Seunghyun Lee.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved checks.
+  * WebKit Bugzilla: 278497
+
+* <a name='CVE-2024-54502' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54502'>CVE-2024-54502</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Brendon Tiszka of Google Project Zero.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved checks.
+  * WebKit Bugzilla: 281912
+
+* <a name='CVE-2024-54505' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54505'>CVE-2024-54505</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Gary Kwong.
+  * Impact: Processing maliciously crafted web content may lead to memory corruption
+    Description: A type confusion issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 282661
+
+* <a name='CVE-2024-54508' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54508'>CVE-2024-54508</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING
+    LAB.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 282180
+
+* <a name='CVE-2024-54534' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54534'>CVE-2024-54534</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
+  * Credit to Tashita Software Security.
+  * Impact: Processing maliciously crafted web content may lead to memory corruption
+    Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 277967
+
+We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
+best way to ensure that you are running safe versions of WebKit. Please check our websites
+for information about the latest stable releases.
+
+Further information about WebKitGTK and WPE WebKit security advisories can be found at:
+[webkitgtk.org/security.html](https://webkitgtk.org/security.html) or
+[wpewebkit.org/security](https://wpewebkit.org/security).
