Date: Wed, 16 Sep 2015 11:05:31 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2015-09-16-2 Xcode 7.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools
Available for:  OS X Yosemite v10.10.4 or later
Impact:  An attacker may be able to bypass access restrictions
Description:  An API issue existed in the apache configuration. This
issue was addressed by updating header files to use the latest
version.
CVE-ID
CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server
Available for:  OS X Yosemite 10.10 or later
Impact:  An attacker may be able to access restricted parts of the
filesystem
Description:  A comparison issue existed in the node.js send module
prior to version 0.8.4. This issue was addressed by upgrading to
version 0.12.3.
CVE-ID
CVE-2014-6394 : Ilya Kantor

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Multiple vulnerabilties in OpenSSL
Description:  Multiple vulnerabilties existed in the node.js OpenSSL
module prior to version 1.0.1j. These issues were addressed by
updating openssl to version 1.0.1j.
CVE-ID
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  An attacker with a privileged network position may be able
to inspect traffic to Xcode Server
Description:  Connections to Xcode Server may have been made without
encryption. This issue was addressed through improved network
connection logic.
CVE-ID
CVE-2015-5910 : an anonymous researcher

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Build notifications may be sent to unintended recipients
Description:  An access issue existed in the handling of repository
email lists. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of
Anchorfree

subversion
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Multiple vulnerabilities existed in svn versions prior to
1.7.19
Description:  Multiple vulnerabilities existed in svn versions prior
to 1.7.19. These issues were addressed by updating svn to version
1.7.20.
CVE-ID
CVE-2015-0248
CVE-2015-0251


Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.0".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f
X86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr
5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0
YFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP
GdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7
3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t
tO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO
HokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9
js1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L
g5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R
JgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS
YMBNmqt6weEewNqyDMnX
=SGgX
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists