APPLE-SA-2005-05-09 iTunes 4.8

iTunes 4.8 is now available and, among other enhancements, delivers the following security improvement:

CVE-ID: CAN-2005-1248

Impact: A buffer overflow in iTunes could cause a denial of service and lead to execution of arbitrary code

Description: The MPEG4 file parsing code in iTunes versions prior to 4.8 contains a buffer overflow vulnerability. Parsing a maliciously-crafted MPEG4 file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files. Credit to Mark Litchfield of NGS Software for reporting this issue.

iTunes 4.8 is freely available at http://www.apple.com/itunes/download/ for Mac OS X v10.2.8 or later, Microsoft Windows XP, and Microsoft Windows 2000

For Mac OS X:
The download file is named: "iTunes4.8.dmg"
Its SHA-1 digest is: 5a86f278f9f83192a7789ad123d5d62f67a6a316

For Windows 2000 or XP:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 12582d193b27991c8f069331ab12d107c569bde2

Information will also be posted to the Apple Product Security web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/