lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <27710F57-2BDF-4C32-AD3A-59B4D625CBD0@lists.apple.com>
Date: Thu, 14 Mar 2013 14:02:07 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2013-03-14-2 Safari 6.0.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-03-14-2 Safari 6.0.3

Safari 6.0.3 is now available and addresses the following:

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.2
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0960 : Apple
CVE-2013-0961 : wushi of team509 working with iDefense VCP

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.2
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.2
Impact:  Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description:  A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53

For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.

For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRQBJQAAoJEPefwLHPlZEwj8MP/0dgfaWcn1PZL/BJWaCiBHFn
/FLQX83+8v+KexkQY4j1DxvlnrIT6ufAuAZV1VHOzWHhDngwt7EWzPUhT8o8FygE
7qWzamv47n/u2PfMmjNqTivBkEx6PchF1Hlny9cu6xY41NzKsYeQKiIwMJWGAojj
huYz31K/YKG/mx1AaS0eVSn7Ypevpq9j7QmnvS6ojQm+b7jKCmpHRlnTSDLRshST
QzWo/Do5fcavT9gPqVVm1qag+QzvKTMa6ZK7IDEsnHil1aA3T94taR0AJLVtYzrv
zeB8ZJyKNC2ols5QnNknJeqwpTkijaUoRkoZkG/HLGA4OT9PKXRWUoBxpvxGjj6W
bixIKYGItWEm5DndatgdDdpKXIlAIf1nMKNmjdDq3C0TYi4bTR6jkcRC8LL+2MrZ
ZZdjXdzjmm4PTJpXaIxL7IiaMy1j4Hy+EpciUVZ0sDHGQ+pBgv7QBPKym+g56VNB
o48bFGYbyGyDX2Jiag17rLxlh25qZ6YU2ZDsdFs+dXOgg+VX+sU31O94cOa07whH
6k3916hAGRaE4E+sQZYyHdWzgosk1J5Fj2aN6OGzrjYOxNH4ZiNvzmloruGFQKBx
fhDw8HUijO6eFfhqBEkGm/9rp99SobXBo4A13S6lAbu9x/hQ7WyzC86T03JcoQlu
f08mcBxZvJYFFXVgWg6x
=SOkH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ