Security-announce
April 2008
APPLE-SA-2008-04-16 Safari 3.1.1
Safari 3.1.1 is now available and addresses the following issues:
Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of
the address bar
Description: A timing issue in Safari 3.1 allows a web page to
change the contents of the address bar without loading the contents
of the corresponding page. This could be used to spoof the contents
of a legitimate site, allowing user credentials or other information
to be gathered. This issue was addressed in Safari Beta 3.0.2, but
reintroduced in Safari 3.1. This update addresses the issue by
restoring the address bar contents if a request for a new web page is
terminated. This issue does not affect Mac OS X systems.
Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's file
downloading. By enticing a user to download a file with a maliciously
crafted name, an attacker may cause an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved handling of file downloads. This issue does
not affect Mac OS X systems.
WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site
scripting
Description: An issue exists in WebKit's handling of URLs containing
a colon character in the host name. Opening a maliciously crafted URL
may lead to a cross-site scripting attack. This update addresses the
issue through improved handling of URLs. Credit to Robert Swiecki of
the Google Security Team, and David Bloom for reporting this issue.
WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of
JavaScript regular expressions. The issue may be triggered via
JavaScript when processing regular expressions with large, nested
repetition counts. This may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of JavaScript regular
expressions. Credit to Charlie Miller working with TippingPoint's
Zero Day Initiative for reporting this issue.
Safari 3.1.1 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for Mac OS X v10.5.2
The download file is named: "Safari311UpdLeo.dmg"
Its SHA-1 digest is: b46cb76eab74f9af0a6eba6d2beaa5cdf7e3380f
Safari for Mac OS X v10.4.11
The download file is named: "Safari311UpdTiger.dmg"
Its SHA-1 digest is: 34f03fa4a7a44a33d78018255260c85dc341b12f
Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: dd813e7832b43245eb909850edf6d597c7c35761
Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 926346ab21a79f8c9e99f694204fb159b385e7db
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce(a)lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/site_archiver%40li…
This email sent to site_archiver(a)lists.apple.com
APPLE-SA-2008-04-02 QuickTime 7.4.5
QuickTime 7.4.5 is now available and addresses the following issues:
QuickTime
CVE-ID: CVE-2008-1013
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Untrusted Java applets may obtain elevated privileges
Description: An implementation issue in QuickTime for Java allows
untrusted Java applets to deserialize objects provided by QTJava.
Visiting a web page containing a maliciously crafted Java applet
could allow the disclosure of sensitive information, or arbitrary
code execution with the privileges of the current user. This update
addresses the issue by disabling the ability of untrusted Java
applets to deserialize QTJava objects. Credit to Adam Gowdiak for
reporting this issue.
QuickTime
CVE-ID: CVE-2008-1014
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Downloading a movie file may lead to information disclosure
Description: Specially crafted QuickTime movies can automatically
open external URLs, which may lead to information disclosure. This
update addresses the issue through improved handling of external URLs
embedded in movie files. Credit to Jorge Escala of Open Tech
Solutions, and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs
for reporting this issue.
QuickTime
CVE-ID: CVE-2008-1015
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's handling of data reference
atoms may result in a buffer overflow. Viewing a maliciously crafted
movie file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of data reference atoms. Credit to
Chris Ries of Carnegie Mellon University Computing Services for
reporting this issue.
QuickTime
CVE-ID: CVE-2008-1016
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of movie media tracks. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
validation of movie media tracks.
QuickTime
CVE-ID: CVE-2008-1017
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's parsing of 'crgn' atoms may
result in a heap buffer overflow. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
bounds checking. Credit to Sanbin Li working with TippingPoint's Zero
Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2008-1018
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's parsing of 'chan' atoms may
result in a heap buffer overflow. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
bounds checking. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2008-1019
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's handling of PICT records may
result in a heap buffer overflow. Viewing a maliciously crafted PICT
image file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking. Credit to bugfree working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2008-1020
Available for: Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's handling of error messages
during PICT image processing may result in a heap buffer overflow.
Viewing a maliciously crafted PICT image may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. This issue does
not affect Mac OS X systems. Credit to Ruben Santamarta of
Reversemode.com working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2008-1021
Available for: Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's handling of Animation codec
content may result in a heap buffer overflow. Viewing a maliciously
crafted movie file with Animation codec content may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. This
issue does not affect Mac OS X systems. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2008-1022
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted QuickTime VR movie file may
lead to an unexpected application termination or arbitrary code
execution
Description: An issue in QuickTime's parsing of 'obji' atoms may
result in a stack buffer overflow. Viewing a maliciously crafted
QuickTime VR movie file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2008-1023
Available for: Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's parsing of the Clip opcode may
result in a heap buffer overflow. Viewing a maliciously crafted PICT
image file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking. This issue does not affect Mac OS X
systems. Credit to Wei Wang of McAfee AVERT labs for reporting this
issue.
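The 'crgn', 'chan' and 'obji' atom overflows above, and the data reference atom issue, all come down to a declared atom size being trusted before it is checked against the bytes that actually remain. As an added illustration (not Apple's code, and not a reconstruction of the fixed parser), here is a bounds-checked QuickTime atom walker in Python: the size/type/extended-size framing is the standard QuickTime atom layout, while the internal layout of those specific atoms is not on the page and is not modelled.

```python
import struct

HEADER = 8  # 4-byte big-endian size (covers the header itself) + 4-byte type
CONTAINERS = {"moov", "trak", "mdia", "minf", "stbl"}  # atoms whose payload is more atoms

def walk_atoms(buf, start=0, end=None):
    """Return (type, payload_offset, payload_len) for each atom in buf[start:end].
    Each declared size is checked against the bytes left in the enclosing
    container before it is used, so a crafted size never drives a read past it."""
    end = len(buf) if end is None else end
    atoms, pos = [], start
    while pos < end:
        if end - pos < HEADER:
            raise ValueError(f"truncated atom header at offset {pos}")
        size, kind = struct.unpack_from(">I4s", buf, pos)
        hdr = HEADER
        if size == 1:  # 64-bit extended size follows the header
            if end - pos < HEADER + 8:
                raise ValueError(f"truncated extended size at offset {pos}")
            (size,) = struct.unpack_from(">Q", buf, pos + HEADER)
            hdr = HEADER + 8
        elif size == 0:  # atom extends to the end of its container
            size = end - pos
        if size < hdr:
            raise ValueError(f"{kind!r} at {pos}: size {size} smaller than its header")
        # Compare against the remaining length instead of computing pos + size,
        # so an oversized value cannot wrap around in a fixed-width integer.
        if size > end - pos:
            raise ValueError(f"{kind!r} at {pos}: size {size} exceeds container")
        atoms.append((kind.decode("latin-1"), pos + hdr, size - hdr))
        pos += size
    return atoms

def is_well_formed(buf, start=0, end=None):
    """True if every atom, at every container level, stays inside its parent."""
    try:
        for kind, off, length in walk_atoms(buf, start, end):
            if kind in CONTAINERS and not is_well_formed(buf, off, off + length):
                return False
        return True
    except ValueError:
        return False

def atom(kind, payload=b""):
    return struct.pack(">I4s", HEADER + len(payload), kind) + payload
# Constructed samples: a 'moov' holding a 'crgn' and a 'chan' atom, and a copy
# whose 'crgn' claims 0x7fffffff bytes while only 12 remain in the container.
GOOD = atom(b"moov", atom(b"crgn", b"\x00" * 4) + atom(b"chan", b"\x01\x02"))
BAD = atom(b"moov", struct.pack(">I4s", 0x7FFFFFFF, b"crgn") + b"\x00" * 4)
```

A parser that instead allocates or copies based on the declared size first, and only then discovers the container ended, is exactly the shape of defect the advisory describes as fixed by "improved bounds checking".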
QuickTime 7.4.5 may be obtained from the Software Update
application, or from the Apple Downloads site:
http://www.apple.com/support/downloads/
For Mac OS X v10.5 or later
The download file is named: "QuickTime745Leopard.dmg"
Its SHA-1 digest is: 764ec0031f18ef999a95c6b20f417f8d2c05a10f
For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime745Tiger.dmg"
Its SHA-1 digest is: 60c9b3e205e4995324dc53b2a4500318fc994e6b
For Mac OS X v10.3.9
The download file is named: "QuickTime745Panther.dmg"
Its SHA-1 digest is: 2b3230fbb4dcd1436bf8856b87281915a654f821
For Windows Vista / XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 4e507f48610f9a65be18b2c37ceead18da2d4c03
QuickTime with iTunes for Windows XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: ff2a3c234d164f30f8b1d05297a49a55f3f4e8c0
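Both announcements publish SHA-1 digests for their installers. As an added example that is not Apple's code, this Python script checks a downloaded file, by file name, against exactly those published values; the file names and digests are copied from the two advisories, and everything else (function names, the streaming read) is this example's own.

```python
import hashlib
import hmac
import os

# SHA-1 digests exactly as published in the two advisories above.
EXPECTED_SHA1 = {
    "Safari311UpdLeo.dmg": "b46cb76eab74f9af0a6eba6d2beaa5cdf7e3380f",
    "Safari311UpdTiger.dmg": "34f03fa4a7a44a33d78018255260c85dc341b12f",
    "SafariSetup.exe": "dd813e7832b43245eb909850edf6d597c7c35761",
    "SafariQuickTimeSetup.exe": "926346ab21a79f8c9e99f694204fb159b385e7db",
    "QuickTime745Leopard.dmg": "764ec0031f18ef999a95c6b20f417f8d2c05a10f",
    "QuickTime745Tiger.dmg": "60c9b3e205e4995324dc53b2a4500318fc994e6b",
    "QuickTime745Panther.dmg": "2b3230fbb4dcd1436bf8856b87281915a654f821",
    "QuickTimeInstaller.exe": "4e507f48610f9a65be18b2c37ceead18da2d4c03",
    "iTunesSetup.exe": "ff2a3c234d164f30f8b1d05297a49a55f3f4e8c0",
}

def check(name, actual, expected=EXPECTED_SHA1):
    """Compare a computed hex digest with the published one for `name`.
    Returns ("ok" | "mismatch" | "unknown", actual)."""
    published = expected.get(name)
    if published is None:
        return "unknown", actual
    ok = hmac.compare_digest(actual.lower(), published.lower())
    return ("ok" if ok else "mismatch"), actual

def verify_bytes(name, data, expected=EXPECTED_SHA1):
    """Check an in-memory file body (used for small inputs and tests)."""
    return check(name, hashlib.sha1(data).hexdigest(), expected)

def verify_file(path, expected=EXPECTED_SHA1):
    """Stream a downloaded installer through SHA-1 and check it by basename."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return check(os.path.basename(path), h.hexdigest(), expected)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, *verify_file(p))
```

A match only shows the file is the one the advisory lists; the table's own trustworthiness rests on the PGP-signed message it was copied from, since the download links are plain http.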
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/