Message-ID: <20050111222152.GB17621@securityfocus.com>
Date: Tue, 11 Jan 2005 15:21:52 -0700
From: David Ahmad <da@...urityfocus.com>
To: bugtraq@...urityfocus.com
Subject: Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-01-11 iTunes 4.7.1

iTunes 4.7.1 is now available and delivers the following security
enhancement:

CVE-ID:  CAN-2005-0043

Impact:  Malicious playlists can cause iTunes to crash and could
execute arbitrary code

Description:  iTunes supports several common playlist formats.
iTunes 4.7.1 fixes a buffer overflow in the parsing of m3u and pls
playlist files that could allow earlier versions of iTunes to crash
and execute arbitrary code.  Credit to Sean de Regge
(seanderegge[at]hotmail.com) for discovering this issue, and to
iDEFENSE Labs for reporting it to us.

Available for:  Mac OS X, Microsoft Windows XP, Microsoft Windows
2000

iTunes 4.7.1 may be obtained from the Software Update pane in System
Preferences, or Apple's iTunes download site:
http://www.apple.com/itunes/download/

The download file is named: "iTunes4.7.1.dmg"
Its SHA-1 digest is:  2ae8c815f18756c24dfbc1ac7d837b75b828b92a

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

-----END PGP SIGNATURE-----

-- 
David Mirza Ahmad
Symantec 

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12

