lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <7B55C873-09FC-4F9D-BC08-F87B186B3709@lists.apple.com>
Date: Thu, 15 Oct 2015 15:35:51 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2015-10-15-1  Keynote 6.6, Pages 5.6, Numbers 3.6,
	and iWork for iOS 2.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-10-15-1  Keynote 6.6, Pages 5.6, Numbers 3.6, and
iWork for iOS 2.6

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now
available which address the following:

Keynote, Pages, and Numbers
Available for:  OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact:  Opening a maliciously crafted document may lead to
compromise of user information
Description:  Multiple input validation issues existed in parsing a
maliciously crafted document. These issues were addressed through
improved input validation.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)

Keynote, Pages, and Numbers
Available for:  OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact:  Opening a maliciously crafted document may lead to
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in parsing a
maliciously crafted document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7033 : Felix Groebert of the Google Security Team

Pages
Available for:  OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact:  Opening a maliciously crafted Pages document may lead to
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in parsing a
maliciously crafted Pages document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7034 : Felix Groebert of the Google Security Team

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may
be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G
LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE
9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l
ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I
PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd
5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX
Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6
DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI
xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1
Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i
/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi
ikrC4CqPxEcf3lk6bXKi
=Zci4
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ