APPLE-SA-2005-01-11 iTunes 4.7.1
APPLE-SA-2005-01-11 iTunes 4.7.1
- Subject: APPLE-SA-2005-01-11 iTunes 4.7.1
- From: Apple Product Security <email@hidden>
- Date: Tue, 11 Jan 2005 12:00:00 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-01-11 iTunes 4.7.1
iTunes 4.7.1 is now available and delivers the following security
enhancement:
CVE-ID: CAN-2005-0043
Impact: Malicious playlists can cause iTunes to crash and could
execute arbitrary code
Description: iTunes supports several common playlist formats.
iTunes 4.7.1 fixes a buffer overflow in the parsing of m3u and pls
playlist files that could allow earlier versions of iTunes to crash
and execute arbitrary code. Credit to Sean de Regge
(seanderegge[at]hotmail.com) for discovering this issue, and to
iDEFENSE Labs for reporting it to us.
Available for: Mac OS X, Microsoft Windows XP, Microsoft Windows
2000
iTunes 4.7.1 may be obtained from the Software Update pane in System
Preferences, or Apple's iTunes download site:
http://www.apple.com/itunes/download/
The download file is named: "iTunes4.7.1.dmg"
Its SHA-1 digest is: 2ae8c815f18756c24dfbc1ac7d837b75b828b92a
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBQeQviJyw5owIz4TQAQIMrgf/fYmI5LZy5DM5a61kbXgnzq5OpQQPaidH
disRa8UbjGrr+sSvEytQaxgO5vbDsZWgDGYeeaHTUeyiBdznO/b7X9moUC0uXEtC
/a/CC2219AYeoQLJCMWhiIbrkL3OQ8QHoV3KaMlcg98tHgsrZKg1ssqEZszkjNrV
Jj1dm3hYn2/DHPqzhGy2+l4Lp/8Bdg2VwXJjCLrqD6cgcSAX0HVdVq+CM2VQ1DGH
O9PjkspNxoTR2iV0VbJdc+q/Mi1HXlouNaURgR01oBYGqZoQ2mxYGMLIthgVoyri
E/c5iyPq4lwDnhyjii4fajLO/3BW6MY7RVoNWv2ipYjVi1RPQ6d6iQ==
=SryY
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden