[<prev] [next>] [day] [month] [year] [list]
Message-Id: <0456243E-BF8F-4CF2-8B0C-73071BC80C93@lists.apple.com>
Date: Mon, 21 Mar 2016 17:53:29 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2016-03-21-4 Xcode 7.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)
subversion
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in subversion versions
prior to 1.7.21, the most serious of which may have led to remote
code execution. These were addressed by updating subversion to
version 1.7.22.
CVE-ID
CVE-2015-3184 : C. Michael Pilato, CollabNet
CVE-2015-3187 : C. Michael Pilato, CollabNet
Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq
OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8
vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T
4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl
cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt
6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq
gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12
OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5
UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9
8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd
COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw
cU0NiqyyiqU1H29UaU50
=9aiD
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists