lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <0E0BB40E-C303-4DD9-9B22-562E5A0F4145@lists.apple.com>
Date: Mon, 28 Jan 2013 10:50:18 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: "security-announce@...ts.apple.com" <security-announce@...ts.apple.com>
Subject: APPLE-SA-2013-01-28-2 Apple TV 5.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-01-28-2 Apple TV 5.2

Apple TV 5.2 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A user-mode process may be able to access the first page of
kernel memory
Description:  The kernel has checks to validate that the user-mode
pointer and length passed to the copyin and copyout functions would
not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security

Apple TV
Available for:  Apple TV 2nd generation
Impact:  A remote attacker on the same WiFi network may be able to
cause an unexpected system termination
Description:  An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRBfhmAAoJEPefwLHPlZEwNmIP/R3GjFNdGg5UJ6cmb2eC8Ayz
3qzNZqVpjKdABZ3ra8TpZpR2Lh6Z6iKa4ZFecFqLIZXXcYiC3154zOZOQHcY5n/9
yw+mHL/UaKbwpT4rexD16WNiixha5+TQffd7gSyjeYah5g6uDz03prU8wrpM3mWv
7wRuNWuRJu5ndB7yt4zCRnfDrkLBxoarEX6YNo5aIjFfP3fFZYXrXgeaUeyZnhXY
FeO/Cu0TWgUOJgZnBeyTmWsNpt1IuFB0M+6zNUAEyWYBUjtdiGK0tmmFOQ5YjmV+
pBHDTyec+W589igwnXZs4Y27/7LHRd4jfYwA1ZhuwDdRmKvDWSsEVlApaH8nmMFs
jV8d2p5le1IdZaED9mBtkt26VCHYYowtSN05LKiKjLfSChNCtQo0ndaC7Z9Uosh7
8PE1yIC6698h4/SaNS+bmwjUI7Q/6EoQkgXQP2xUMjaPdx2Z6I9/AiIR65jCupZr
txvcg2nNxzexGsavGvALwFoRJiKdp0IHqU+Vyasept8jwHqC9ZuB8gQXP5yQSHGG
lPTKutwk3/bCaYrXhNADFtOXSsAWw0v4GtOQphfJEdZNO0JCR+gYfq0o2oVp9UG8
7w+BgEJX5uzJekQ/sSM2BCbR1kJV/j00W2n+O3SncwoEOK+UDpoYcRWcCEBRXoTf
K/prxlVAFp+wzvcT6GVP
=fPxD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ