From 33e57835e1534c9bcf9a0bcaed940f8769ba0bc1 Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro <aperez@igalia.com>
Date: Sun, 22 Dec 2024 21:20:16 +0200
Subject: [PATCH] Release: WSA-2024-0008

---
 .../2024-12-22-security-advisory-2024-0008.md | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 security/2024-12-22-security-advisory-2024-0008.md

diff --git a/security/2024-12-22-security-advisory-2024-0008.md b/security/2024-12-22-security-advisory-2024-0008.md
new file mode 100644
index 000000000..27e45101b
--- /dev/null
+++ b/security/2024-12-22-security-advisory-2024-0008.md
@@ -0,0 +1,59 @@
+---
+layout: post
+title: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008
+permalink: /security/WSA-2024-0008.html
+tags: WSA
+---
+
+* Date Reported: **December 22, 2024**
+
+* Advisory ID: **WSA-2024-0008**
+
+* CVE identifiers: [CVE-2024-54479](#CVE-2024-54479), [CVE-2024-54502](#CVE-2024-54502), [CVE-2024-54505](#CVE-2024-54505), [CVE-2024-54508](#CVE-2024-54508), [CVE-2024-54534](#CVE-2024-54534)
+
+
+Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
+
+* <a name='CVE-2024-54479' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54479'>CVE-2024-54479</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Seunghyun Lee.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved checks.
+  * WebKit Bugzilla: 278497
+
+* <a name='CVE-2024-54502' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54502'>CVE-2024-54502</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Brendon Tiszka of Google Project Zero.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved checks.
+  * WebKit Bugzilla: 281912
+
+* <a name='CVE-2024-54505' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54505'>CVE-2024-54505</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to Gary Kwong.
+  * Impact: Processing maliciously crafted web content may lead to memory corruption
+    Description: A type confusion issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 282661
+
+* <a name='CVE-2024-54508' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54508'>CVE-2024-54508</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
+  * Credit to linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING
+    LAB.
+  * Impact: Processing maliciously crafted web content may lead to an unexpected process
+    crash Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 282180
+
+* <a name='CVE-2024-54534' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54534'>CVE-2024-54534</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
+  * Credit to Tashita Software Security.
+  * Impact: Processing maliciously crafted web content may lead to memory corruption
+    Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 277967
+
+We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
+best way to ensure that you are running safe versions of WebKit. Please check our websites
+for information about the latest stable releases.
+
+Further information about WebKitGTK and WPE WebKit security advisories can be found at:
+[webkitgtk.org/security.html](https://webkitgtk.org/security.html) or
+[wpewebkit.org/security](https://wpewebkit.org/security).