site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2006-10-31 Xcode Tools 2.4.1 Xcode Tools 2.4.1 is now available. Along with functionality improvements (see release notes), it also fixes the following security issue: GDB CVE-ID: CVE-2006-4146 Available for: Mac OS X v10.4 and later Impact: Opening a maliciously-crafted DWARF binary with GDB may lead to arbitrary code execution Description: GDB, the GNU Debugger, is susceptible to multiple vulnerabilities that may lead to arbitrary code execution when loading maliciously-crafted DWARF binaries. This update addresses the issues by performing additional validation while handling DWARF binaries. Credit to Will Drewry and Tavis Ormandy of the Google Security Team for reporting this issue. Xcode Tools 2.4.1 may be obtained from: http://developer.apple.com/tools/download/ The download file is named: "xcode_2.4.1_8m1910_6936315.dmg" Its SHA-1 digest is: 15204bc175c68c62045521c2b8df00760d1c4efc Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRUfuLomzP5/bU5rtAQitAQgAgcJZv+go8gA2z7p1IC4nS0DIlEnHMp3O IrCNqh5YCS104sJEP/Hqv6WegyyVQL7DD6VAj+ugENol233eRgGpzcLdx+LGIdLh Vyg1HsvmeZJ5b6oEa0Rsl/wZomlt2ADNtlgWdzISbCMIGch0Chd2jRvvO5K8wbCZ KEp9HpbBzsiVdiirx598DpgE3GHNAVEQ2APhxlN87Txl25Azfq4nFeAJmsXlFMVA r0IRpAOkYk97EMXbx2EsD1OgIJ+27y67Lpy44/zqPqcuoxcxAoBZKtUHy5rJrivK BeAVN8v4ZbTa9xWL/x97nGMmYnj8r7lcNWqN4/KIfbcRtxZekBRn5g== =guST -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com