[<prev] [next>] [day] [month] [year] [list]
Message-id: <11420CD2-1A68-454B-A202-5471F536C42D@lists.apple.com>
Date: Wed, 12 Oct 2011 11:34:20 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2011-10-12-4 Safari 5.1.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
CVE-ID
CVE-2011-3229 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A policy issue existed in the handling of file:// URLs.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates. This issue does not affect OS X Lion
systems or Windows systems.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com
CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team
CVE-2011-2341 : Apple
CVE-2011-2351 : miaubiz
CVE-2011-2352 : Apple
CVE-2011-2354 : Apple
CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2359 : miaubiz
CVE-2011-2788 : Mikolaj Malecki of Samsung
CVE-2011-2790 : miaubiz
CVE-2011-2792 : miaubiz
CVE-2011-2797 : miaubiz
CVE-2011-2799 : miaubiz
CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-2811 : Apple
CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2815 : SkyLined of Google Chrome Security Team
CVE-2011-2816 : Apple
CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2818 : Martin Barbella
CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google
CVE-2011-2823 : SkyLined of Google Chrome Security Team
CVE-2011-2827 : miaubiz
CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3232 : Aki Helin of OUSPG
CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development
community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome
Security Team
CVE-2011-3234 : miaubiz
CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3238 : Martin Barbella
CVE-2011-3239 : Slawomir Blazek
CVE-2011-3241 : Apple
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: A maliciously crafted website may be able to track the URLs
that a user visits within a frame
Description: A cross-origin issue existed in the handling of the
beforeload event.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists