[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2006-06-29 iTunes 6.0.5

Subject: APPLE-SA-2006-06-29 iTunes 6.0.5
From: Apple Product Security <email@hidden>
Date: Thu, 29 Jun 2006 12:20:52 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2006-06-29 iTunes 6.0.5

iTunes 6.0.5 is now available and, in addition to its other content,
fixes the following security issue:

CVE-ID:  CVE-2006-1467
Available for:  Mac OS X v10.2.8 or later, Windows XP / 2000
Impact:  An integer overflow in iTunes could cause a denial of
service or lead to the execution of arbitrary code
Description:  The AAC file parsing code in iTunes versions prior
to 6.0.5 contains an integer overflow vulnerability. Parsing a
maliciously-crafted AAC file could cause iTunes to terminate or
potentially execute arbitrary code. iTunes 6.0.5 addresses this
issue by improving the validation checks used when loading AAC
files. Credit to ATmaCA working with TippingPoint and the Zero Day
Initiative for reporting this issue.

iTunes 6.0.5 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named:  "iTunes6.0.5.dmg"
Its SHA-1 digest is:  668d53a8ca8126a852a470e4b9f7b13c0ecd3db3

For Windows 2000 or XP:
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  0a82011b904e9fea33b1482deaea93094e008d96

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRKQn3omzP5/bU5rtAQiG8Qf+K+LYZD/PUTorONxQrCQyLUFNQhJlamQy
SL13vqin0o8ogAUQuleAxuwvBPKkopdPTNadkmuABMTXFD+uDv+CyDUE3Z+93rqf
d7cC6o1e/GPZIvxyhBkZNZ9R0KsXypxIJdWTGUYECpCtf1GoVtPHut1GTqbqr1h1
qKnjzMhEqtLAlc+kjbPEhB3plEI4ga0YjhYQBLHtpAfVYIvhfJJkhZpynfsMwzpj
QXYdUAMlglwjAKNk/JkNJ9TsG4xRGxKuL3WGPxzzOgb5sAcex+/yn0njrWMHLVbx
tauOneVnh9CLRTDeYEohk+H/LhUSspnvR7c/bKt2zIC/+RMHjx091w==
=ibCr
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2006-06-27 Mac OS X v10.4.7
Next by Date: APPLE-SA-2006-06-29 Mac OS X v10.4.7 package revision
Previous by thread: APPLE-SA-2006-06-27 Mac OS X v10.4.7
Next by thread: APPLE-SA-2006-06-29 Mac OS X v10.4.7 package revision
Index(es):
- Date
- Thread

Home