site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2008-11-13 Safari 3.2 Safari 3.2 is now available and addresses the following issues: Safari CVE-ID: CVE-2005-2096 Available for: Windows XP or Vista Impact: Multiple vulnerabilities in zlib 1.2.2 Description: Multiple vulnerabilities exist in zlib 1.2.2, the most serious of which may lead to a denial of service. This update addresses the issues by updating to zlib 1.2.3. These issues do not affect Mac OS X systems. Credit to Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting these issues. Safari CVE-ID: CVE-2008-1767 Available for: Windows XP or Vista Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via http://xmlsoft.org/XSLT/ This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit to Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for reporting this issue. Safari CVE-ID: CVE-2008-3623 Available for: Windows XP or Vista Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in CoreGraphics' handling of color spaces. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple. Safari CVE-ID: CVE-2008-2327 Available for: Windows XP or Vista Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple. Safari CVE-ID: CVE-2008-2332 Available for: Windows XP or Vista Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exits in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit to Robert Swiecki of the Google Security Team for reporting this issue. Safari CVE-ID: CVE-2008-3608 Available for: Windows XP or Vista Impact: Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of ICC profiles. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple. Safari CVE-ID: CVE-2008-3642 Available for: Windows XP or Vista Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ICC profiles in images. This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit: Apple. Safari CVE-ID: CVE-2008-3644 Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista Impact: Sensitive information may be disclosed to a local console user Description: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. This update addresses the issue by properly clearing the form data. Credit to an anonymous researcher for reporting this issue. WebKit CVE-ID: CVE-2008-2303 Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue in Safari's handling of JavaScript array indices may result in an out-of-bounds memory access. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript array indices. Credit to SkyLined of Google for reporting this issue. WebKit CVE-ID: CVE-2008-2317 Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in WebCore's handling of style sheet elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved garbage collection. Credit to an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting this issue. WebKit CVE-ID: CVE-2008-4216 Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: WebKit's plug-in interface does not block plug-ins from launching local URLs. Visiting a maliciously crafted website may allow a remote attacker to launch local files in Safari, which may lead to the disclosure of sensitive information. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Credit to Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for reporting this issue. Safari 3.2 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari for Mac OS X v10.5.5 The download file is named: "Safari3.2Leo.dmg" Its SHA-1 digest is: 540668ffd5e3a4727720b8687e05f7c43908424a Safari for Mac OS X v10.4.11 The download file is named: "Safari3.2Ti.dmg" Its SHA-1 digest is: 463619e89f421eceaed32ea5e9a48891ad8fdb4e Safari for Windows XP or Vista The download file is named: "SafariSetup.exe" Its SHA-1 digest is: 38be6fb56f20de8c312956cd0df40d39584bce53 Safari+QuickTime for Windows XP or Vista The file is named: "SafariQuickTimeSetup.exe" Its SHA-1 digest is: 6da9ca61479ce287cea476617253f6a93cbc6aa8 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJJHGGCAAoJEHkodeiKZIkBe7EH/iPYgXS6L/Lz614W00Zo5f8O CuyUiK7HZYoXaFjSvB/aYBkjHtrVKYZFGF2WLmgxFig65TchCCw5PoenU5rqUaWd pzytc1dyLxBOkqisky49SdzTsTkNT3jQWjJf9WJwMoD+s4btMVgHLDLI3WGfw3ct RcVIVrjDdgMsJ2ERnZ/R6Dxx9SB3RC3DBWCHaAgZawR8CeZdnj60M81BaDZ6Oma5 o6aNr7rUg0MfnEuqypxGVLwEHGHe9dUfs07sS/pTXvkk/7+CKNoTxe/8cOK3kuFZ RFV7rSJOWfUiG608FBvvbRO1z+4z215HGXBSPIZ5/wWThRczD3kcjWN8wv8FA/I= =klZG -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com