VARIoT IoT vulnerabilities database

libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. Apple Mac OS X and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States

WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. Apple iOS Used in etc. WebKit Contains a vulnerability in which clicks are counterfeited. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4.1 are vulnerable. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. FontParser is a font parsing component

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. Apple iOS And work on other products Apple Safari Used in etc. WebKit Contains a vulnerability that bypasses the content security policy protection mechanism. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. WebKit is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain same-origin policy restrictions and perform unauthorized actions in the affected application, which may aid in further attacks. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Page Loading Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4 Impact: Cached authentication state may reveal private browsing history Description: An issue existed in caching of HTTP authentication. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks. CVE-ID CVE-2015-5746 : evad3rs, TaiG Jailbreak Team Air Traffic Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AirTraffic may have allowed access to protected parts of the filesystem Description: A path traversal issue existed in asset handling. This was addressed with improved validation. CVE-ID CVE-2015-5766 : TaiG Jailbreak Team Backup Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create symlinks to protected regions of the disk Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-5752 : TaiG Jailbreak Team bootp Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) Certificate UI Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to accept untrusted certificates from the lock screen Description: Under certain circumstances, the device may have presented a certificate trust dialog while in a locked state. This issue was addressed through improved state management. CVE-ID CVE-2015-3756 : Andy Grant of NCC Group CloudKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CFPreferences Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team CoreMedia Playback Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team DiskImages Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5775 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG images. Visiting a malicious website may result in sending data from process memory to the website. This issue was addressed through improved memory initialization and additional validation of PNG images. CVE-ID CVE-2015-5781 : Michal Zalewski ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. CVE-ID CVE-2015-5782 : Michal Zalewski IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling AF_INET6 sockets. This issue was addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Michal Zalewski libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google CVE-2014-3660 : Felix Groebert of Google libxpc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley Location Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to modify protected parts of the filesystem Description: A symbolic link issue was addressed through improved path validation. CVE-ID CVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application may be able to replace extensions for other apps Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved bundle ID validation. CVE-ID CVE-2015-5770 : FireEye MSVDX Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a malicious video may lead to a unexpected system termination Description: A denial of service issue was addressed through improved memory handling. CVE-ID CVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team Office Viewer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. QL Office Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: A malicious website could open another site and prompt for user input without a way for the user to tell where the prompt originated. The issue was addressed by displaying the prompt's origin to the user. CVE-ID CVE-2015-3729 : Code Audit Labs of VulnHunt.com Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may trigger an infinite number of alert messages Description: An issue existed where a malicious or hacked website could show infinite alert messages and make users believe their browser was locked. The issue was addressed through throttling of JavaScript alerts. CVE-ID CVE-2015-3763 Sandbox_profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat Team UIKit WebView Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to initiate FaceTime calls without user authorization Description: An issue existed in the parsing of FaceTime URLs within WebViews. This issue was addressed through improved URL validation. CVE-ID CVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. This issue was addressed through improved URL handling. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate image data cross-origin Description: Images fetched through URLs that redirected to a data:image resource could have been exfiltrated cross-origin. This issue was addressed through improved canvas taint tracking. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can trigger plaintext requests to an origin under HTTP Strict Transport Security Description: An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP. CVE-ID CVE-2015-3750 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can make a tap event produce a synthetic click on another page Description: An issue existed in how synthetic clicks are generated from tap events that could cause clicks to target other pages. The issue was addressed through restricted click propagation. CVE-ID CVE-2015-5759 : Phillip Moon and Matt Weston of Sandfield WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Content Security Policy report requests may leak cookies Description: Two issues existed in how cookies were added to Content Security Policy report requests. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling. CVE-ID CVE-2015-3752 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Image loading may violate a website's Content Security Policy directive Description: An issue existed where websites with video controls would load images nested in object elements in violation of the website's Content Security Policy directive. CVE-ID CVE-2015-3751 : Muneaki Nishimura (nishimunea) Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM4DAAoJEBcWfLTuOo7tstIQAKxtjly6AG1Hjo34z4nRSei8 AyZLycwG+oCwcL22lsYOnQgVl2cNDJulsFmJzGWRApHNbfiMDqg/MdlyXzJDB8jg PLJJmR8CIqMKDKxAq/zQ1XJxTLt9579KTOpiTvMpT3ac+En0PDGeftTutzepiIz4 2GAkNmUclWaYygLCfNyQhQNWe7LtoGzxEkjJOa+oAFaNHpx4o1LrZrqkp3w1/mSG ZyHsH6U7UR2QowkXj/h1wNLBX82tc4QkH64VTEeHgl6txWTrQhlubdBc1cVfkw1+ NJh6oJ4xEivXhG//yaBaj0UZ+GyqwhtuiIwxG4YYteQUjuuXEze/WFkLblYCRbiP DzFK93xbPD0jETOYbV6+QS12rIJ+CfeMM1ILmMLsKHpeh5O/WB4oGsN3G8UGCju7 Swh1aEzy1krOFN9qqEtkItEUDMahYnF6W9gQE3Uoo8Gx47qZ/s+1rG9z7yyMtN+O Xg8SULkblnUYGUFoiZItYZNDPbalbPKGUQG8Td3R3cl7O01xRtn0odmvy4baSX8+ 7o15etb0ihnNfpRV7eAk7U8w9L1OdCPaTLk9msQR2v9xBMQzmd4ypsIp2A+MY9e2 fOGRuC/o6dGy7v2yT6t5uqbCKrcJQ2lHJI78hVB8A+3+6bqKZ9jpg/gtTy0Qzolp b/jh8IEOuyI7+KrcrD3U =tJVt -----END PGP SIGNATURE-----

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. Apple iOS And work on other products Apple Safari Used in etc. WebKit is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain same-origin policy restrictions and perform unauthorized actions in the affected application, which may aid in further attacks. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The vulnerability stems from the fact that the program does not properly restrict the transmission of cookies for report requests. A remote attacker can exploit this vulnerability to obtain sensitive information by sending cross-origin or private-browsing requests. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Page Loading Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4 Impact: Cached authentication state may reveal private browsing history Description: An issue existed in caching of HTTP authentication. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 may be obtained from the Mac App Store. ============================================================================ Ubuntu Security Notice USN-2937-1 March 21, 2016 webkitgtk vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkitgtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany and Evolution, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2937-1 CVE-2014-1748, CVE-2015-1071, CVE-2015-1076, CVE-2015-1081, CVE-2015-1083, CVE-2015-1120, CVE-2015-1122, CVE-2015-1127, CVE-2015-1153, CVE-2015-1155, CVE-2015-3658, CVE-2015-3659, CVE-2015-3727, CVE-2015-3731, CVE-2015-3741, CVE-2015-3743, CVE-2015-3745, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3752, CVE-2015-5788, CVE-2015-5794, CVE-2015-5801, CVE-2015-5809, CVE-2015-5822, CVE-2015-5928 Package Information: https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks. CVE-ID CVE-2015-5746 : evad3rs, TaiG Jailbreak Team Air Traffic Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AirTraffic may have allowed access to protected parts of the filesystem Description: A path traversal issue existed in asset handling. This was addressed with improved validation. CVE-ID CVE-2015-5766 : TaiG Jailbreak Team Backup Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create symlinks to protected regions of the disk Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-5752 : TaiG Jailbreak Team bootp Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) Certificate UI Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to accept untrusted certificates from the lock screen Description: Under certain circumstances, the device may have presented a certificate trust dialog while in a locked state. This issue was addressed through improved state management. CVE-ID CVE-2015-3756 : Andy Grant of NCC Group CloudKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CFPreferences Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team CoreMedia Playback Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team DiskImages Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5775 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG images. Visiting a malicious website may result in sending data from process memory to the website. This issue was addressed through improved memory initialization and additional validation of PNG images. CVE-ID CVE-2015-5781 : Michal Zalewski ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. CVE-ID CVE-2015-5782 : Michal Zalewski IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling AF_INET6 sockets. This issue was addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Michal Zalewski libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google CVE-2014-3660 : Felix Groebert of Google libxpc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley Location Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to modify protected parts of the filesystem Description: A symbolic link issue was addressed through improved path validation. CVE-ID CVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application may be able to replace extensions for other apps Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved bundle ID validation. CVE-ID CVE-2015-5770 : FireEye MSVDX Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a malicious video may lead to a unexpected system termination Description: A denial of service issue was addressed through improved memory handling. CVE-ID CVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team Office Viewer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. QL Office Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: A malicious website could open another site and prompt for user input without a way for the user to tell where the prompt originated. The issue was addressed by displaying the prompt's origin to the user. CVE-ID CVE-2015-3729 : Code Audit Labs of VulnHunt.com Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may trigger an infinite number of alert messages Description: An issue existed where a malicious or hacked website could show infinite alert messages and make users believe their browser was locked. The issue was addressed through throttling of JavaScript alerts. CVE-ID CVE-2015-3763 Sandbox_profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat Team UIKit WebView Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to initiate FaceTime calls without user authorization Description: An issue existed in the parsing of FaceTime URLs within WebViews. This issue was addressed through improved URL validation. CVE-ID CVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. This issue was addressed through improved URL handling. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate image data cross-origin Description: Images fetched through URLs that redirected to a data:image resource could have been exfiltrated cross-origin. This issue was addressed through improved canvas taint tracking. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can trigger plaintext requests to an origin under HTTP Strict Transport Security Description: An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP. CVE-ID CVE-2015-3750 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can make a tap event produce a synthetic click on another page Description: An issue existed in how synthetic clicks are generated from tap events that could cause clicks to target other pages. The issue was addressed through restricted click propagation. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling. CVE-ID CVE-2015-3752 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Image loading may violate a website's Content Security Policy directive Description: An issue existed where websites with video controls would load images nested in object elements in violation of the website's Content Security Policy directive. This issue was addressed through improved Content Security Policy enforcement. CVE-ID CVE-2015-3751 : Muneaki Nishimura (nishimunea) Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM4DAAoJEBcWfLTuOo7tstIQAKxtjly6AG1Hjo34z4nRSei8 AyZLycwG+oCwcL22lsYOnQgVl2cNDJulsFmJzGWRApHNbfiMDqg/MdlyXzJDB8jg PLJJmR8CIqMKDKxAq/zQ1XJxTLt9579KTOpiTvMpT3ac+En0PDGeftTutzepiIz4 2GAkNmUclWaYygLCfNyQhQNWe7LtoGzxEkjJOa+oAFaNHpx4o1LrZrqkp3w1/mSG ZyHsH6U7UR2QowkXj/h1wNLBX82tc4QkH64VTEeHgl6txWTrQhlubdBc1cVfkw1+ NJh6oJ4xEivXhG//yaBaj0UZ+GyqwhtuiIwxG4YYteQUjuuXEze/WFkLblYCRbiP DzFK93xbPD0jETOYbV6+QS12rIJ+CfeMM1ILmMLsKHpeh5O/WB4oGsN3G8UGCju7 Swh1aEzy1krOFN9qqEtkItEUDMahYnF6W9gQE3Uoo8Gx47qZ/s+1rG9z7yyMtN+O Xg8SULkblnUYGUFoiZItYZNDPbalbPKGUQG8Td3R3cl7O01xRtn0odmvy4baSX8+ 7o15etb0ihnNfpRV7eAk7U8w9L1OdCPaTLk9msQR2v9xBMQzmd4ypsIp2A+MY9e2 fOGRuC/o6dGy7v2yT6t5uqbCKrcJQ2lHJI78hVB8A+3+6bqKZ9jpg/gtTy0Qzolp b/jh8IEOuyI7+KrcrD3U =tJVt -----END PGP SIGNATURE-----

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Apple iOS and Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 8.4.1, Safari prior to 6.2.8, 7.x prior to 7.1.8, and 8.x prior to 8.0.8. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Page Loading Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4 Impact: Cached authentication state may reveal private browsing history Description: An issue existed in caching of HTTP authentication. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks. CVE-ID CVE-2015-5746 : evad3rs, TaiG Jailbreak Team Air Traffic Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AirTraffic may have allowed access to protected parts of the filesystem Description: A path traversal issue existed in asset handling. This was addressed with improved validation. CVE-ID CVE-2015-5766 : TaiG Jailbreak Team Backup Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create symlinks to protected regions of the disk Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-5752 : TaiG Jailbreak Team bootp Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) Certificate UI Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to accept untrusted certificates from the lock screen Description: Under certain circumstances, the device may have presented a certificate trust dialog while in a locked state. This issue was addressed through improved state management. CVE-ID CVE-2015-3756 : Andy Grant of NCC Group CloudKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CFPreferences Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Code Signing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team CoreMedia Playback Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team DiskImages Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5775 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG images. Visiting a malicious website may result in sending data from process memory to the website. This issue was addressed through improved memory initialization and additional validation of PNG images. CVE-ID CVE-2015-5781 : Michal Zalewski ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. CVE-ID CVE-2015-5782 : Michal Zalewski IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling AF_INET6 sockets. This issue was addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Michal Zalewski libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google CVE-2014-3660 : Felix Groebert of Google libxpc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley Location Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to modify protected parts of the filesystem Description: A symbolic link issue was addressed through improved path validation. CVE-ID CVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application may be able to replace extensions for other apps Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved bundle ID validation. CVE-ID CVE-2015-5770 : FireEye MSVDX Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a malicious video may lead to a unexpected system termination Description: A denial of service issue was addressed through improved memory handling. CVE-ID CVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team Office Viewer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. QL Office Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: A malicious website could open another site and prompt for user input without a way for the user to tell where the prompt originated. The issue was addressed by displaying the prompt's origin to the user. CVE-ID CVE-2015-3729 : Code Audit Labs of VulnHunt.com Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may trigger an infinite number of alert messages Description: An issue existed where a malicious or hacked website could show infinite alert messages and make users believe their browser was locked. The issue was addressed through throttling of JavaScript alerts. CVE-ID CVE-2015-3763 Sandbox_profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An malicious app may be able to read other apps' managed preferences Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile. CVE-ID CVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat Team UIKit WebView Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to initiate FaceTime calls without user authorization Description: An issue existed in the parsing of FaceTime URLs within WebViews. This issue was addressed through improved URL validation. CVE-ID CVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. This issue was addressed through improved URL handling. CVE-ID CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate image data cross-origin Description: Images fetched through URLs that redirected to a data:image resource could have been exfiltrated cross-origin. This issue was addressed through improved canvas taint tracking. CVE-ID CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can trigger plaintext requests to an origin under HTTP Strict Transport Security Description: An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP. CVE-ID CVE-2015-3750 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website can make a tap event produce a synthetic click on another page Description: An issue existed in how synthetic clicks are generated from tap events that could cause clicks to target other pages. The issue was addressed through restricted click propagation. CVE-ID CVE-2015-5759 : Phillip Moon and Matt Weston of Sandfield WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Content Security Policy report requests may leak cookies Description: Two issues existed in how cookies were added to Content Security Policy report requests. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling. CVE-ID CVE-2015-3752 : Muneaki Nishimura (nishimunea) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Image loading may violate a website's Content Security Policy directive Description: An issue existed where websites with video controls would load images nested in object elements in violation of the website's Content Security Policy directive. This issue was addressed through improved Content Security Policy enforcement. CVE-ID CVE-2015-3751 : Muneaki Nishimura (nishimunea) Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM4DAAoJEBcWfLTuOo7tstIQAKxtjly6AG1Hjo34z4nRSei8 AyZLycwG+oCwcL22lsYOnQgVl2cNDJulsFmJzGWRApHNbfiMDqg/MdlyXzJDB8jg PLJJmR8CIqMKDKxAq/zQ1XJxTLt9579KTOpiTvMpT3ac+En0PDGeftTutzepiIz4 2GAkNmUclWaYygLCfNyQhQNWe7LtoGzxEkjJOa+oAFaNHpx4o1LrZrqkp3w1/mSG ZyHsH6U7UR2QowkXj/h1wNLBX82tc4QkH64VTEeHgl6txWTrQhlubdBc1cVfkw1+ NJh6oJ4xEivXhG//yaBaj0UZ+GyqwhtuiIwxG4YYteQUjuuXEze/WFkLblYCRbiP DzFK93xbPD0jETOYbV6+QS12rIJ+CfeMM1ILmMLsKHpeh5O/WB4oGsN3G8UGCju7 Swh1aEzy1krOFN9qqEtkItEUDMahYnF6W9gQE3Uoo8Gx47qZ/s+1rG9z7yyMtN+O Xg8SULkblnUYGUFoiZItYZNDPbalbPKGUQG8Td3R3cl7O01xRtn0odmvy4baSX8+ 7o15etb0ihnNfpRV7eAk7U8w9L1OdCPaTLk9msQR2v9xBMQzmd4ypsIp2A+MY9e2 fOGRuC/o6dGy7v2yT6t5uqbCKrcJQ2lHJI78hVB8A+3+6bqKZ9jpg/gtTy0Qzolp b/jh8IEOuyI7+KrcrD3U =tJVt -----END PGP SIGNATURE-----

The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). These issues affect OS X prior to 10.10.5. SMB client is one of the client program components that can access SMB/CIFS server

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. plural Schneider Electric Modicon The product contains an input validation vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon M340 PLC is a medium-sized PLC platform for industrial processes and architectures. There are several security holes in the Modicon M340 PLC Station P34 module. Exploitation of these vulnerabilities could allow remote attackers to obtain sensitive information or execute arbitrary code on a web server, bypass authentication mechanisms, and access vulnerable devices

Ruijie Networks is the leading brand of network solutions in China. As a national enterprise, Ruijie Networks adheres to the path of independent research and development, and has opened up a unique avenue for innovation in the highly competitive network equipment market. Manufacturers represented by Ruijie Networks not only strive for lower network construction and network costs for Chinese users, but also effectively ensure network security and controllability. Ruijie Networks RG-NBR series gateway has an authorization bypass vulnerability. Allows attackers to exploit this vulnerability to read arbitrary files.

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability. KAKO HMI is a Human Machine Interface (HMI). A security bypass vulnerability exists in KAKO HMI. An attacker could use this vulnerability to bypass the authentication mechanism and gain access to the affected device. KAKO HMI Is a Scada HMI

Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. Cisco Nexus is a data center-class switch from Cisco. Cisco Nexus 9000 Series Software is prone to a denial-of-service vulnerability An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuu77225. The vulnerability is caused by the program not correctly handling large files in the /tmp directory

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. Moxa's ioLogik E2200 and ioAdmin Configuration Utility are products of Moxa. The former is an Ethernet RTU (Remote Terminal Control System) controller, which is a set of software for managing and configuring the ioLogik E2200. A security vulnerability exists in Moxa's ioLogik E2200 version prior to 3.12 and in versions prior to ioAdmin Configuration Utility 3.18. The vulnerability stems from the program failing to encrypt the certificate. A remote attacker can exploit this vulnerability to obtain relevant plaintext data. Moxa ioLogik E2210 is a smart Ethernet I / O product from Moxa. There is a security vulnerability in Moxa ioLogik E2210. Attackers can use this vulnerability to obtain sensitive information and unauthorized access rights, implement replay attacks, and perform unauthorized operations. This may aid in further attacks

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. Moxa's ioLogik E2200 and ioAdmin Configuration Utility are products of Moxa. The former is an Ethernet RTU (Remote Terminal Control System) controller, which is a set of software for managing and configuring the ioLogik E2200. A security vulnerability exists in Moxa's ioLogik E2200 version prior to 3.12 and earlier versions of ioAdmin Configuration Utility 3.18. The vulnerability stems from a program failing to encrypt data. Moxa ioLogik E2210 is a smart Ethernet I / O product from Moxa. There is a security vulnerability in Moxa ioLogik E2210. Attackers can use this vulnerability to obtain sensitive information and unauthorized access rights, implement replay attacks, and perform unauthorized operations. This may aid in further attacks

Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. This issue is being tracked by Cisco Bug ID CSCuv12333

The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. Vendors have confirmed this vulnerability Bug ID CSCuv60724 It is released as.Via a forged packet by a third party, uRPF May be bypassed. Cisco Adaptive Security Appliance Software is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuv60724. The appliance also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam, and more. The vulnerability comes from the fact that the program does not perform uRPF authentication correctly. The following releases are affected: Cisco ASA Release 9.3(1.50), Release 9.3(2.100), Release 9.3(3), Release 9.4(1)

The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuv40422. A remote attacker could exploit this vulnerability by downloading a snapshot file to crack password hashes

Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. The Cisco Nexus 3000 Series is a switch product developed by Cisco. This issue is being tracked by Cisco bug ID CSCut87006

Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. Vendors have confirmed this vulnerability Bug ID CSCuv32136 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. Cisco WebEx Node for MCS is a set of integrated audio, video and Web conferencing software from Cisco

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. OpenSSH (OpenBSD Secure Shell) is a set of connection tools maintained by the OpenBSD project group for secure access to remote computers. This tool is an open source implementation of the SSH protocol, which supports encryption of all transmissions and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. A remote code execution vulnerability exists in OpenSSH. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Failed exploit attempts may result in denial-of-service conditions. There is a security vulnerability in the monitor component in the sshd of OpenSSH 6.9 and earlier versions based on non-OpenBSD platforms. The vulnerability is caused by the program incorrectly receiving the external username data in the MONITOR_REQ_PAM_INIT_CTX request. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5933 : Apple CVE-2015-5934 : Apple Bom Available for: OS X El Capitan 10.11 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. CVE-ID CVE-2015-6987 : Luca Todesco (@qwertyoruiop) FontParser Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7019 : Ian Beer of Google Project Zero CVE-2015-7020 : Moony Li of Trend Micro Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7021 : Moony Li of Trend Micro ImageIO Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5938 : Apple ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: OS X Yosemite v10.10.5 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation. CVE-ID CVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella Kernel Available for: OS X El Capitan 10.11 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: OS X El Capitan 10.11 Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer MCX Application Restrictions Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: A developer-signed executable may acquire restricted entitlements Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation. CVE-ID CVE-2015-7016 : Apple Net-SNMP Available for: OS X El Capitan 10.11 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple issues existed in netsnmp version 5.6. These issues were addressed by using patches affecting OS X from upstream. CVE-ID CVE-2012-6151 CVE-2014-3565 OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple OpenSSH Available for: OS X El Capitan 10.11 Impact: A local user may be able to conduct impersonation attacks Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH Sandbox Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation. CVE-ID CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple Script Editor Available for: OS X El Capitan 10.11 Impact: An attacker may trick a user into running arbitrary AppleScript Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts. CVE-ID CVE-2015-7007 : Joe Vennix of Rapid7 Security Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team SecurityAgent Available for: OS X El Capitan 10.11 Impact: A malicious application can programmatically control keychain access prompts Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows. CVE-ID CVE-2015-5943 Installation note: OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1: https://support.apple.com/kb/HT205377 OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4 CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0 whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE 7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN 4GbuRXld4PbxeDdel0Nk =snJ4 -----END PGP SIGNATURE----- . 6) - i386, x86_64 3. Security Fix(es): * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-6564) * An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2015:2088-06 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html Issue date: 2015-11-19 CVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 ===================================================================== 1. Summary: Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563) A use-after-free flaw was found in OpenSSH. (CVE-2015-6564) It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600) It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238) This update fixes the following bugs: * Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. (BZ#1150007) * The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377) * When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to "2", multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112) * The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells. (BZ#1201758) * Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once. (BZ#1240613) In addition, this update adds the following enhancements: * As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched. (BZ#1201753) * With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP). (BZ#1197989) * This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP. (BZ#1184938) * With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange. (BZ#1253062) Users of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125110 - pam_namespace usage is not consistent across system-wide PAM configuration 1160377 - sftp is failing using wildcards and many files 1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server 1181591 - No Documentation= line in the sshd.service file 1184938 - Provide LDIF version of LPK schema 1187597 - sshd -T does not show all (default) options, inconsistency 1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode 1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files 1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing 1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support 1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm aarch64: openssh-6.6.1p1-22.el7.aarch64.rpm openssh-clients-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-keycat-6.6.1p1-22.el7.aarch64.rpm openssh-server-6.6.1p1-22.el7.aarch64.rpm ppc64: openssh-6.6.1p1-22.el7.ppc64.rpm openssh-askpass-6.6.1p1-22.el7.ppc64.rpm openssh-clients-6.6.1p1-22.el7.ppc64.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-keycat-6.6.1p1-22.el7.ppc64.rpm openssh-server-6.6.1p1-22.el7.ppc64.rpm ppc64le: openssh-6.6.1p1-22.el7.ppc64le.rpm openssh-askpass-6.6.1p1-22.el7.ppc64le.rpm openssh-clients-6.6.1p1-22.el7.ppc64le.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-keycat-6.6.1p1-22.el7.ppc64le.rpm openssh-server-6.6.1p1-22.el7.ppc64le.rpm s390x: openssh-6.6.1p1-22.el7.s390x.rpm openssh-askpass-6.6.1p1-22.el7.s390x.rpm openssh-clients-6.6.1p1-22.el7.s390x.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-keycat-6.6.1p1-22.el7.s390x.rpm openssh-server-6.6.1p1-22.el7.s390x.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: openssh-askpass-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-ldap-6.6.1p1-22.el7.aarch64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm ppc64: openssh-debuginfo-6.6.1p1-22.el7.ppc.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-ldap-6.6.1p1-22.el7.ppc64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm ppc64le: openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-ldap-6.6.1p1-22.el7.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm s390x: openssh-debuginfo-6.6.1p1-22.el7.s390.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-ldap-6.6.1p1-22.el7.s390x.rpm openssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5600 https://access.redhat.com/security/cve/CVE-2015-6563 https://access.redhat.com/security/cve/CVE-2015-6564 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE h3XwDOy3+OSs/h1DEpVBtV0= =x/s+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: December 20, 2015 Bugs: #553724, #555518, #557340 ID: 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Please review the CVE identifiers referenced below for details. Impact ====== Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2" References ========== [ 1 ] CVE-2015-5352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352 [ 2 ] CVE-2015-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600 [ 3 ] CVE-2015-6563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563 [ 4 ] CVE-2015-6564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564 [ 5 ] CVE-2015-6565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201512-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none. GE Healthcare Centricity PACS Workstation is a US-based image archiving and transmission system workstation for the medical industry. GE Healthcare Centricity PACS Workstation includes built-in accounts. Administrator users use the 'CANal1' password; IIS users use the 'iis' password, which allows remote attackers to use these accounts to control the device