lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <9A025520-2BEB-4AED-9273-75C93DDCA73E@lists.apple.com>
Date: Wed, 21 Oct 2015 10:50:02 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2015-10-21-5 iTunes 12.3.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-10-21-5 iTunes 12.3.1

iTunes 12.3.1 is now available and addresses the following:

iTunes
Available for:  Windows 7 and later
Impact:  A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-5931
CVE-2015-7002 : Apple
CVE-2015-7011 : Apple
CVE-2015-7012 : Apple
CVE-2015-7013 : Apple
CVE-2015-7014

iTunes
Available for:  Windows 7 and later
Impact:  Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Installation note:

iTunes 12.3.1 may be obtained from:
http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWJuK0AAoJEBcWfLTuOo7tFqsP/i4hhZ9050OUg8jdzLx7ql9b
pw0VB3uCssp4c7m6U/Dr90sgAAG1BRqNZF5jE0ItWfaeVxUtny9iHvj9MF5mhU4O
1hd/+f9iVeA2chOi63jVBYl/RTON/HLG0EukNAt57H7UNcnpGOJMwPxciDgHb5mi
GEQEo3Q9bM2B9ReMcxCenVWBJ+e02l4iAqFBeV09BgAYvbaTvAQamjSeXkKyodI3
AkHmUuq6qWx9ka3EcMkEtm/agI2fKewlfI3WgpotkBx2lrZGUeFiuD21Nmq0diL8
O6tWt3FG4FsdrbPN7rm1NtPQq+fAnHn3EWCrpz32LB6Dh6NTqTLLesVDD5BCCK4p
TanM1TlaRPVuBxg6oCLreNN8IHAx25vhCLEsAw9GMl5JRhmBL9IjTczt91zFAAjX
fdW1bhq2O283MrRqZxvJW3eBti4IMr+cZtP9+OdlK+8zGx91LdvWNcuMS5Eg2W5T
Auwf4ZfHmVCX5DDe2wgeUqe14eTpDomCI4S4utyh6jVtA0+b7V7FEBVlqc760ThO
Gj7W4it3Ljosw6/VQodEPDiesbvhw+Cn7FcTHKxV7fgz+tLFSlEcox5BU0m/ardJ
xWJ6c7qrT8TKkE4wYGHWljhWx7o6SkU/60BYZo5FNAYllYC1bp2rQTa7G79fjMvM
eXiT4RZimmMNlbqwFKHQ
=4LVn
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ