Message-id: <E4FD2C84-41CE-40A8-9704-C55D3A51DD3D@lists.apple.com>
Date: Thu, 26 Sep 2019 13:21:30 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-9-26-7 Xcode 11.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-9-26-7 Xcode 11.0

Xcode 11.0 addresses the following:

IDE SCM
Available for: macOS Mojave 10.14.4 and later
Impact: Multiple issues in libssh2
Description: Multiple issues were addressed by updating to version
2.16.
CVE-2019-3855: Chris Coulson

ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling code without proper input validation could lead to
arbitrary code execution with user privilege
Description: Multiple issues in ld64 in the Xcode toolchains were
addressed by updating to version ld64-507.4.
CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team

otool
Available for: macOS Mojave 10.14.4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team

Installation note:

Xcode 11.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "11.0".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/