| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <36C7C33B-9D44-4E15-928D-3B39555C7EA3@lists.apple.com> Date: Wed, 29 Jan 2020 13:31:16 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: Apple Product Security via Security-announce <security-announce@...ts.apple.com> Subject: [FD] APPLE-SA-2020-1-29-1 iCloud for Windows 7.17 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-29-1 iCloud for Windows 7.17 iCloud for Windows 7.17 addresses the following: ImageIO Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3826: Samuel Groß of Google Project Zero libxml2 Available for: Windows 7 and later Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-3846: Ranier Vilela WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-3867: an anonymous researcher WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2020-3825: Przemysław Sporysz of Euvic CVE-2020-3868: Marcin Towalski of Cisco Talos WebKit Available for: Windows 7 and later Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2020-3862: Srikanth Gatta of Google Chrome WebKit Page Loading Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2020-3865: Ryan Pickren (ryanpickren.com) Installation note: iCloud for Windows 7.17 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4xy2AACgkQBz4uGe3y 0M3Oxw/8CJvsIVoh/3V6SRfu0HGNx0I4PX0UPfV2a90bEMjE6d/X1IRyswy5gbXz jM7Cj71WAOMTb/LvgteHMo7GrAKK9oypP2SQvatuJKgzzu7G3viRwJGEOzsMisZv mCJKvgJGnTSfoso8zt3F3x+EwjeOpVgcU4bJyQMBK9LS5uLBWIbkj+F7Z9x8knHv i/upVc7LYaQotFjb6vM2nzuzo+MR+fv70c4HItXQFeh9lSuQcoHEwxlkHk8WfDPh TZoQGC8vahYZf9LY1KyH8fIpBEqw1w6gIzLcIVknMjQ/+WtX23wHYWN9dwCikCwo p/ariH4XwlVNe2DUK148ViEc3CkR0qrJs9063Jd+u3qS0UWVMyXUI9k8wb6lgsnw /TQTXGTT5s1U6rSShLc2iLqYtGjmTTPAkZ2BsT80TKdE6hgP82a5ph6GM77FjNpD MkWKhMsI9LyO0g682SG7EUxNbrGk2Wq3HR7LOBDYhAymcXKqlkWZXoKpSILktZEt Pci8eHxe63JsCMvJiGZOszjQLu8f3VPgFG5PE4fxVv+k0M8C6w9viKTKNj3YVLY6 Spx0tK0e626tBmtP7LtsSxaxZ2W/aIZmFrABPAvLpKoM/LRWx7T6K8cqA4cWDxXj 75lcyho8pm5ekRwwrU4VJ/ZwsNJO16BjM9n2itI1Ol+mvDwU7jw= =sZy+ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists