lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <77D03844-56E1-4D06-B513-56AFC61CA34F@lists.apple.com>
Date: Thu, 29 Nov 2012 11:34:11 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2012-11-29-1 Apple TV 5.1.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-11-29-1 Apple TV 5.1.1

Apple TV 5.1.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Compromised applications may be able to determine addresses
in the kernel
Description:  An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing a
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,
and additional anonymous researchers

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description:  A time of check to time of use issue existed in the
handling of JavaScript arrays. This issue was addressed through
additional validation of JavaScript arrays.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQtpmWAAoJEPefwLHPlZEwd8sP+waxIXnUyMc6YA7Nh/f6cC69
whHE1CRR/5MQuu0RvgM6WQpOKlgUapphmJptiahy1VTWezul0ikFZrK7isY9Qhiq
DqfqiNanq0AMLtMHMCJ2U1cfZXjmgBQ/8gBo0AH5R28xHLjDKQmFtsbxep9eitgm
lPCm8No+3HhQfP2YVxxw7BqtdtOS40+opq9W90BZkL1OCnglw9rwQH6CAnGLmNFb
g+3/mfBMzYB4aeob1rg3Zj6xmWCLJXtnNPzU+bxyxJiQDTNJcVQc4rLo+J4yBcDY
4/hJspNiA1LyjvrqJE6998Zzs7ULwnpoIhZR0/oy4q76o7ETtsRvlLIzig4Erwwo
SgAAtyw4Zn/6Ii4siCCto6xvrn4PvD4ph7Z8yQFBWlR5zbHDH1JuqTNjxGi1eJb5
N6AtpwtvVUcEKtQyRB4a6hvoeCRCjSMSXLMHyAXNx2sJny8FXT+zqVwgWjGD6BDq
bPYMWi1JnCiVBMJYH3DShv0keJvsvslC4IJjXjRoN/I+17EurnRw7f0ZhyiMaj4d
vrc4adHEsX0f34N4ug1zLmDGPDHKT7ob+rp1DvYp2XVD+rsyJ7HmtpehIoupWAgC
aZQtLXiJPKLC/JB+r+i/CyKcYWhzhYlrROd69CubjdXS3VBvup5wmzvuXHws9QwE
tmigYJfnTwIsjKU4P9SS
=VpYW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ