| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 May 2014 13:48:16 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1731 : an anonymous member of the Blink development
community
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver's origin check
Description: An encoding issue existed in the handling of unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4
and Safari 6.1.4 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.4 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTe6ELAAoJEBcWfLTuOo7tonoP/igNIR7SZEkRvtHHjHIqR2U5
a28aYgzjkALSYDppREpWPMIovnYKZAONabRMJ0r/3LFyl4juBSOsVyBCbUBg8Fpp
GFCsc7x0jva8g1DtPtk/B299GXPBi8fOhEwUIilgTo0+y7ExrgA9wUjCdlWHwPQs
Edbra42Q+52KU+NxWjyeJiPkBIy57p5P0XVnnS3tIxRLHxRed9O8GoNUHcwLhihd
dV5NOBEUvW5Gy2yEhJLZIa64aPOPG3Rz7EA/0zCRiiusLyIGVdyTaOnL4AlHrgh8
BiiAgx3xFUqYiBqCnxAO3gy3CRWhmKukesDKIPmaV27E0cFQ+FkI990oCh8ZSCZg
hi4q5j34mp44Uhr0O068hQyPaA70GAiUVgT/pB7fVS9Z9U0EOPhIvn1IybROP/44
ces9VWOzx9pjzR7OxRmk05mRijnlIQHNzSJp3/DpREDX1DvJxD2vfk8cYFPdweNR
VPFs3acbgOMCpjPLGM3S5HdY/a2UWxolvwR13AnCQ0mFkiD6FsO3z2sgtHdnMkNi
XNW7RMf/7+JesXcNiXYde5iDqE15OPTSWuiYNUHCz9WvSlJmOOSDAZ7F3YBWr+FR
tMEB/TGWZiQmacNiGkY1F4YgF5SqeAHGYeJ2amSycO90+vTU+FLWPCiTWesmu1tG
n/lA21kfHgTURqYVT+xA
=kSr/
-----END PGP SIGNATURE-----
Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)
Powered by blists - more mailing lists