[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools

Subject: APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools
From: Apple Product Security <email@hidden>
Date: Tue, 30 Oct 2007 15:13:10 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools

Xcode 2.5 Developer Tools is now available and addresses the
following issues:

gdb
CVE-ID:  CVE-2006-2362
Available for:  Mac OS X v10.4.x, Mac OS X v10.5
Impact:  Processing a file with maliciously crafted TekHex content
may lead to an unexpected application termination or arbitrary code
execution
Description:  A buffer overflow exists in gdb's handling of files
with Tektronix Hex Format (TekHex) content. By enticing a user to run
gdb's "restore" command on a maliciously crafted TekHex file, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of TekHex records.

WebObjects
CVE-ID:  CVE-2006-5327, CVE-2006-5328
Available for:  Mac OS X v10.4.x, Mac OS X v10.5
Impact:  An uprivileged local user may be able to obtain system
privileges
Description:  The Xcode WebObjects package contains a demo version of
OpenBase for use with WebObjects example code. This demo version of
OpenBase may allow a local user to obtain system privileges. This
update addresses the issue by disabling the Apple-provided demo
version of OpenBase. Credit to Kevin Finisterre of Netragard for
reporting these issues.

Xcode 2.5 Developer Tools may be obtained from the Apple Developer
web site:
http://developer.apple.com/tools/download/
Login is required, and membership is free.

The download file is named:  "xcode25_8m2558_developerdvd.dmg"
Its SHA-1 digest is:  30884704b0a4b098f02ccbb753958cd5331b8982

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBRyer9cgAoqu4Rp5tAQgP6wf/dUDjYS9SYVa0nNM16LtUIi9eHEFSwxus
eRNxLoKRpOx9SZbOtoYiPlJOCubMdsV30fEU895c/TYqt6ZWc+9YKq/F7Jz7qdNN
GBLY6qC1h+tFwUr92hu7H8WZ9wZP1CaI5SO+KQd58HuMNq7L/ywRFfiFX3IVmmY7
zBU2jo/sOGKA/lbirnFRYbK0V9xT0ElPjVjbH79dJhmwM1QOqIe0SiEO2Edq3w3A
2qAasLDGkGpthtTKADgF9cNjVXf0i7si0pST/bkbrWipmoh4Ml2JDmy+sTnCijEt
IByh8HhjSd1t9EOL2OmMvKDhTcDfkA7ZwC8O8vwmFE+2Jkww4X8FzQ==
=AxY1
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2007-10-03 Security Update for QuickTime 7.2
Previous by thread: APPLE-SA-2007-10-03 Security Update for QuickTime 7.2
Index(es):
- Date
- Thread

Home