APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools
Xcode 2.5 Developer Tools is now available and addresses the following issues:

gdb
CVE-ID: CVE-2006-2362
Available for: Mac OS X v10.4.x, Mac OS X v10.5
Impact: Processing a file with maliciously crafted TekHex content may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in gdb's handling of files with Tektronix Hex Format (TekHex) content. By enticing a user to run gdb's "restore" command on a maliciously crafted TekHex file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of TekHex records.

WebObjects
CVE-ID: CVE-2006-5327, CVE-2006-5328
Available for: Mac OS X v10.4.x, Mac OS X v10.5
Impact: An unprivileged local user may be able to obtain system privileges
Description: The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code. This demo version of OpenBase may allow a local user to obtain system privileges. This update addresses the issue by disabling the Apple-provided demo version of OpenBase. Credit to Kevin Finisterre of Netragard for reporting these issues.

Xcode 2.5 Developer Tools may be obtained from the Apple Developer web site:
http://developer.apple.com/tools/download/

Login is required, and membership is free.

The download file is named: "xcode25_8m2558_developerdvd.dmg"
Its SHA-1 digest is: 30884704b0a4b098f02ccbb753958cd5331b8982

Information will also be posted to the Apple Product Security web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/
participants (1)
-
Apple Product Security