| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Oct 2019 16:01:57 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2019-10-29-5 Safari 13.0.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-5 Safari 13.0.3 Safari 13.0.3 is now available and addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero WebKit Process Model Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple Additional recognition WebKit We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance. Installation note: Safari 13.0.3 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M1LAg// fHUCPO59afw9n4DzZeFXpudIfkl/loz/UHJ8EpOf8KljSq0krbwAgY94o3brfpz1 Q9fZPWIfVJcijR2DdxA9qm2SKvzd5Z7mIpIJ1TBVGpU5Zi9iiqwincK8Q08HVMeP k6/Ue5VV5GTPEdhaDMPTHooMIPiUg/i7NV6PJHcLf6xEGSmOsVOCgmfho9Nt1ZXr eiUXJ7RG/4hmubbUUUNhBXLRy1dPHZYjweP5MJdezQitYSgHC/XBPktqRWqOblLT XLppf+lX3957KoqoM2nxQ+UqF/ohIclYvBw5hgoqm4pTcNscixgoVfb+eyBtR2YB n7Y4D0IBjDcqEiix6QmhqRGGgf8rH/2qCdIEcTIGffYBZngQMUWlc2x/MebiACkW /jVun5wSILGVMd/qa9ol8gsH//lr23/BE4hD0pcD1JK49T4Zp66JzHLShiQ5sqQt 6AT2axARGOeyaLNFVVrJvxaEqeM1nhYvJw37X82qSr+8YGOrznG0sUJdaISbi6bz v/YwV6Ek/6CTOMaTg1Xpgk50icAQm2cNnfBmnM/CEkUqS627Z/Y8RzKU+PFrlhuC 1AIrpyat47AdFUhJ+nbP29qfR8ANu0/GcLJPnC9aYqWftneI+V6hhs/9IvY+QQJS 9sWndqDp8uSKoG84352ubxPZNlBGAYOjwAZ3LvaO4tA= =8wFb -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists