lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 14 Mar 2022 17:13:13 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2022-03-14-9 GarageBand 10.4.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-03-14-9 GarageBand 10.4.6

GarageBand 10.4.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213191.

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-22657: Brandon Perry of Atredis Partners

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22664: Brandon Perry of Atredis Partners

GarageBand 10.4.6 may be obtained from the App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxwACgkQeC9qKD1p
rhi+DRAAuaC4j8hy3LXcGIDvpeoYNVizL2og9N+QWl+c75+iMmLH9j+OJ8VRy8PV
LRF+Z+FkOn1hGaqb/fSQoWPUbqK7T1NrSwTB/d3evpszUZBwP3iBASaMH5LCBQTz
VTr3GJsO8O3vu0mAKWhogopl6cK0ryN1B5b+FC7l4a0SIpV12C0Q/HhNDuPGyEqG
2rcRDXHnErv5ay+Fod5fEFApw2AFCKnXaunITkMPkmuH2zrVsLvkwDGrw5rrRT0n
iauANLX8+AYPXVWMmyIU9iMhMb5lUwNVWVtFl7qnak2QloaYFDwqMCL5Grl+iZoU
Oa3QvRFv4+QtMQqqC9UBmu8HY6srAUAD41cfHYuKdCz8F0g7494S+6clC0DW42CO
UbtpkbK/O59PAd9k7oEYzYYYQfoHfokKuzaZuar5Qs5JLaNyl+7THg3gsuezQ2Rv
mMSEbDRoA/smGPsKXIoIyUSl7Cxgw03NsPoj8Csz5s1ZQQXLxzWEYpuRHwNIemwE
EmxlmGTKlnE0EceUTxa/CtW6uVpOnFYIf95C/UOEtWBj6Yk4+C1+H42VB+m04H+A
waF5xSFGwo5pylve6PMFleoGH525/CSNwhsra1kcTkGvBmelDkpVmrjZScqsTOOu
gM+thN+eVLwOYptnTZoBni+r39PQOyf6kHR4lgnNedUCrWEo/bA=
=vSfo
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ