site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-03-09-3 Apple TV 4.2 Apple TV 4.2 is now available and addresses the following: Apple TV Available for: Apple TV 4.0 and 4.1 Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2010-3855 Apple TV Available for: Apple TV 4.0 and 4.1 Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0191 : Apple Apple TV Available for: Apple TV 4.0 and 4.1 Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0192 : Apple Apple TV Available for: Apple TV 4.0 and 4.1 Impact: A server may be able to identify a device across connections Description: The IPv6 address chosen by the device contains the device's MAC address when using stateless address autoconfiguration (SLAAC). An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections. Apple TV Available for: Apple TV 4.0 and 4.1 Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset Description: A bounds checking issue existed in the handling of Wi- Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset. CVE-ID CVE-2011-0162 : Scott Boyd of ePlus Technology, inc. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNd8WoAAoJEGnF2JsdZQeevPsH/REvcVz6j5yjPW/EV3nesBvM RQkUYR0GUtoZk5f8qB15e9H8rCKNuC2oqiPGxq+wv4htPnQE1FQ/2//ambhZqkUL dNsCExTH6Szl0CAaM6IqzkpOGM5eFGNW2lO5cmUP8+mx/ocUwxHu2osKY1/fv5qO FnWDDM4VeGM9Qb+Cs3cM1kOebv+st0d90lON+z6xd5NljIFgh7S42ll8NZPm5M2R +PM53p/7/BJ4gLsP4kagOe35Ceh2HVcp5SGXGOwf1hHkwWvl+/9V0OFw+tfuw75e YwmOa7TVzEXWCLtbEa/g21ngJOxB4ItpLwO910SEYTL6dLMxIozezQjhfJuxXE8= =hQze -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com