Release: WSA-2024-0003

Igalia · May 21, 2024 · 553d80f · 553d80f
1 parent 74fed43
commit 553d80f
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/security/2024-05-21-security-advisory-2024-0003.md b/security/2024-05-21-security-advisory-2024-0003.md
@@ -0,0 +1,30 @@
+---
+layout: post
+title: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0003
+permalink: /security/WSA-2024-0003.html
+tags: WSA
+---
+
+* Date Reported: **May 21, 2024**
+
+* Advisory ID: **WSA-2024-0003**
+
+* CVE identifiers: [CVE-2024-27834](#CVE-2024-27834)
+
+
+Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
+
+* <a name='CVE-2024-27834' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27834'>CVE-2024-27834</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
+  * Credit to Manfred Paul working with Trend Micro's Zero Day Initiative.
+  * Impact: An attacker with arbitrary read and write capability may be able to bypass
+    Pointer Authentication. Description: The issue was addressed with improved checks.
+  * WebKit Bugzilla: 272750
+
+We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
+best way to ensure that you are running safe versions of WebKit. Please check our websites
+for information about the latest stable releases.
+
+Further information about WebKitGTK and WPE WebKit security advisories can be found at:
+[webkitgtk.org/security.html](https://webkitgtk.org/security.html) or
+[wpewebkit.org/security](https://wpewebkit.org/security).