lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <F2C6122C-9718-4E5A-80E9-DE49900E3E96@lists.apple.com>
Date: Tue, 19 Mar 2013 10:37:20 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2013-03-19-2 Apple TV 5.2.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-03-19-2 Apple TV 5.2.1

Apple TV 5.2.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user may be able to execute unsigned code
Description:  A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed by refusing to load an executable with overlapping
segments.
CVE-ID
CVE-2013-0977 : evad3rs

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user may be able to determine the address of
structures in the kernel
Description:  An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the
prefetch abort handler is not being called from an abort context.
CVE-ID
CVE-2013-0978 : evad3rs

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user may be able to execute arbitrary code in the
kernel
Description:  The IOUSBDeviceFamily driver used pipe object pointers
that came from userspace. This issue was addressed by performing
additional validation of pipe object pointers.
CVE-ID
CVE-2013-0981 : evad3rs


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRR374AAoJEPefwLHPlZEwZCsQAKauofHzY4DpkQCj8UsuUy3J
cTHaj/XE1B8z9ef7d/h/p5EqVTi8HFfcyvWsqLBFfWjFsMzjT6Q/VLu2b1bN4bvw
PNdNReLLnnxrgAbA59MT6G6cFV0P+0Dth8d8xjEytY74NOrtHFU5ZZtzabtuaHC4
pvXybqdP1sP/Ra4/z+NdP+1b77Jm18mWvfV9zUb2z8A8J1zgLTk5p/+G8rcXnf38
UvGuz+Bc0ntX/cawX6Ajyyu+FCVvgsUJivV0ijUnwOAje8Iul6rEeBYVT9BGwwD8
9sM6sFxlyUN7GHQN4qnP37sQNm51OcRllqLSbNDcajfI4GrBqMDfR4w446R39A/y
poOF2xiaJzQltTXPD+9sfxM2SNA5z6dYK8NQEdiCf3iStA2PlO/S6QjukHGGslwQ
a3wsAm1a+ubWmwgNuTpS3+xcAq9IK0P/BkTqI0etH/fMZ9vPzI8lsY0fmsGBCIrK
FAaR7QHFTRCYISLA0Hp7wfBOMRkVAkVbfXum3NNPol1CLfj8GRVVxSwjQY5l2S13
XmFA3ZDtJ3yh56g9gu6bks6EEWjU33xAksQNuIhgxenRraNJClIrVJOWc2EXLCcs
HxrCkd8wxOGHz9irbXMnETKCYcmgID5x7DK9BbAcqleWqG0R24iTTAgMesV+Le1w
GFIZVf/ohGVSaVp0gEnb
=15vy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ