[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2005-01-11 iTunes 4.7.1

Subject: APPLE-SA-2005-01-11 iTunes 4.7.1
From: Apple Product Security <email@hidden>
Date: Tue, 11 Jan 2005 12:00:00 -0800
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-01-11 iTunes 4.7.1

iTunes 4.7.1 is now available and delivers the following security
enhancement:

CVE-ID:  CAN-2005-0043

Impact:  Malicious playlists can cause iTunes to crash and could
execute arbitrary code

Description:  iTunes supports several common playlist formats.
iTunes 4.7.1 fixes a buffer overflow in the parsing of m3u and pls
playlist files that could allow earlier versions of iTunes to crash
and execute arbitrary code.  Credit to Sean de Regge
(seanderegge[at]hotmail.com) for discovering this issue, and to
iDEFENSE Labs for reporting it to us.

Available for:  Mac OS X, Microsoft Windows XP, Microsoft Windows
2000

iTunes 4.7.1 may be obtained from the Software Update pane in System
Preferences, or Apple's iTunes download site:
http://www.apple.com/itunes/download/

The download file is named: "iTunes4.7.1.dmg"
Its SHA-1 digest is:  2ae8c815f18756c24dfbc1ac7d837b75b828b92a

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQeQviJyw5owIz4TQAQIMrgf/fYmI5LZy5DM5a61kbXgnzq5OpQQPaidH
disRa8UbjGrr+sSvEytQaxgO5vbDsZWgDGYeeaHTUeyiBdznO/b7X9moUC0uXEtC
/a/CC2219AYeoQLJCMWhiIbrkL3OQ8QHoV3KaMlcg98tHgsrZKg1ssqEZszkjNrV
Jj1dm3hYn2/DHPqzhGy2+l4Lp/8Bdg2VwXJjCLrqD6cgcSAX0HVdVq+CM2VQ1DGH
O9PjkspNxoTR2iV0VbJdc+q/Mi1HXlouNaURgR01oBYGqZoQ2mxYGMLIthgVoyri
E/c5iyPq4lwDnhyjii4fajLO/3BW6MY7RVoNWv2ipYjVi1RPQ6d6iQ==
=SryY
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Next by Date: APPLE-SA-2005-01-25 Security Update 2005-001
Next by thread: APPLE-SA-2005-01-25 Security Update 2005-001
Index(es):
- Date
- Thread

Home