VARIoT IoT vulnerabilities database
| VAR-201501-0265 | CVE-2014-8828 | Apple OS X In the sandbox sandbox-profile Vulnerability written to cache |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Sandbox is a sandbox system that provides the operating system with a method to limit the use of system resources by applications. An attacker could exploit this vulnerability with a specially crafted application to write to the sandbox-profile cache
| VAR-201501-0264 | CVE-2014-8827 | Apple OS X of LoginWindow Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. LoginWindow is one of the login window components. The vulnerability is caused by not locking the screen immediately when the program transitions from sleep mode to work mode
| VAR-201501-0263 | CVE-2014-8826 | Apple OS X of LaunchServices In Gatekeeper Vulnerabilities that circumvent protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. LaunchServices is one of the components that uses a running application to open other applications or documents
| VAR-201501-0261 | CVE-2014-8824 | Apple OS X Kernel kernel Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. The vulnerability stems from the fact that the program does not properly validate the metadata field of the IODataQueue object
| VAR-201501-0262 | CVE-2014-8825 | Apple OS X Privileged vulnerability in Kernel |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. The vulnerability stems from the fact that the program does not correctly execute the identitysvc verification of the directory-service function. A local attacker can exploit this vulnerability to obtain permissions or forge directory-service responses
| VAR-201501-0260 | CVE-2014-8823 | Apple OS X of IOUSBFamily of IOUSB Vulnerability to read arbitrary kernel memory area in controller |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2
| VAR-201501-0259 | CVE-2014-8822 | Apple OS X of IOHIDFamily Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2
| VAR-201501-0258 | CVE-2014-8821 | Apple OS X of Intel Graphics Driver Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. This vulnerability CVE-2014-8819 and CVE-2014-8820 Is a different vulnerability.Authority may be obtained by local users.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers
| VAR-201501-0256 | CVE-2014-8819 | Apple OS X of Intel Graphics Driver Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. This vulnerability CVE-2014-8820 and CVE-2014-8821 Is a different vulnerability.Authority may be obtained by local users.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers
| VAR-201501-0257 | CVE-2014-8820 | Apple OS X of Intel Graphics Driver Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821. This vulnerability CVE-2014-8819 and CVE-2014-8821 Is a different vulnerability.Authority may be obtained by local users.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers
| VAR-201501-0255 | CVE-2014-8817 | Apple OS X of CoreSymbolication Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlAn attacker could execute arbitrary code in a privileged context through a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2. The vulnerability stems from the fact that the program does not validate the data types in XPC messages
| VAR-201501-0254 | CVE-2014-8816 | Apple OS X of CoreGraphics Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2
| VAR-201501-0117 | CVE-2015-0312 | Adobe Flash Player Memory double free vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. http://cwe.mitre.org/data/definitions/415.htmlAn attacker could execute arbitrary code. Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0094-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0094.html
Issue date: 2015-01-27
CVE Names: CVE-2015-0310 CVE-2015-0311 CVE-2015-0312
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and
APSB15-03, listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1185137 - CVE-2015-0310 flash-plugin: Vulnerability that could be used to circumvent memory randomization mitigations (APSB15-02)
1185296 - CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.440-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.440-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.440-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.440-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.440-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0310
https://access.redhat.com/security/cve/CVE-2015-0311
https://access.redhat.com/security/cve/CVE-2015-0312
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUyAGGXlSAg2UNWIIRAi1BAJ9Q5Uq7Z9D/i5dIrMbLRMK/TUbVpQCfZhjG
Xjm8B3oIdHx7wx6dzJxrEAw=
=70K0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201501-0623 | CVE-2014-4477 | Apple Used in products Webkit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. Apple iOS , Apple Safari and Apple TV Used in etc. WebKit Any code that could be executed or service disruption ( Memory corruption and application crash ) There are vulnerabilities that are put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Set objects. The issue lies in the usage of an iterator after clearing the object. An attacker can leverage this vulnerability to execute code under the context of the renderer process. WebKit is prone to an unspecified memory-corruption vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; Apple TV is a high-definition television set-top box product. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F
pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb
8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z
mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn
Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8
tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR
IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh
wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P
y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB
w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR
IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY
CfDJ+b9mxdd8GswiT3OO
=j9pr
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day
Initiative
CVE-2014-4479 : Apple
Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 may be obtained from
the Mac App Store
| VAR-201501-0624 | CVE-2014-4479 | Apple Used in products Webkit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477. Apple iOS , Apple Safari and Apple TV Used in etc. WebKit Any code that could be executed or service disruption ( Memory corruption and application crash ) There are vulnerabilities that are put into a state. WebKit is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; Apple TV is a high-definition television set-top box product. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F
pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb
8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z
mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn
Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8
tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR
IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh
wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P
y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB
w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR
IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY
CfDJ+b9mxdd8GswiT3OO
=j9pr
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day
Initiative
CVE-2014-4479 : Apple
Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 may be obtained from
the Mac App Store
| VAR-201501-0622 | CVE-2014-4476 | Apple Used in products Webkit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. Apple iOS , Apple Safari and Apple TV Used in etc. WebKit Any code that could be executed or service disruption ( Memory corruption and application crash ) There are vulnerabilities that are put into a state. WebKit is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; Apple TV is a high-definition television set-top box product. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F
pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb
8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z
mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn
Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8
tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR
IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh
wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P
y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB
w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR
IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY
CfDJ+b9mxdd8GswiT3OO
=j9pr
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day
Initiative
CVE-2014-4479 : Apple
Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 may be obtained from
the Mac App Store
| VAR-201709-0150 | CVE-2014-0997 |
Used on multiple devices Android Data processing vulnerability
Related entries in the VARIoT exploits database: VAR-E-201501-0033 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. Used on multiple devices Android Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wi-Fi Direct can support a pair of connected devices, enabling simultaneous connection of multiple devices, and the Wi-Fi Direct standard will support all Wi-Fi devices. Multiple Android Devices have a denial of service vulnerability that allows an attacker to initiate a denial of service attack.
Successfully exploiting this issue will allow attackers to cause denial-of-service conditions
| VAR-201502-0470 | CVE-2015-0869 | I-O DATA DEVICE NP-BBRM Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. NP-BBRM is prone to multiple unspecified security vulnerabilities
| VAR-201501-0221 | CVE-2015-0586 | Cisco 2900 Series Integrated Services Router Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. Vendors report this vulnerability Bug ID CSCuo73682 Published as. Supplementary information : CWE Vulnerability types by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party, IPv4 Denial of service via packets (NBAR Process hang ) May be in a state.
Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users. Cisco IOS is a set of operating systems for Internet interconnection
| VAR-201803-0099 | CVE-2014-8130 | LibTIFF Vulnerable to division by zero |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability.
Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================
Ubuntu Security Notice USN-2553-2
April 01, 2015
tiff regression
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
USN-2553-1 introduced a regression in LibTIFF. One of the security fixes
caused a regression when saving certain TIFF files with a Predictor tag.
The problematic patch has been temporarily backed out until a more complete
fix is available.
We apologize for the inconvenience.
Original advisory details:
William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)
Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain
malformed BMP images. (CVE-2014-9655)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libtiff5 4.0.3-10ubuntu0.2
Ubuntu 14.04 LTS:
libtiff5 4.0.3-7ubuntu0.3
Ubuntu 12.04 LTS:
libtiff4 3.9.5-2ubuntu1.8
Ubuntu 10.04 LTS:
libtiff4 3.9.2-2ubuntu0.16
In general, a standard system update will make all the necessary changes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libtiff security update
Advisory ID: RHSA-2016:1546-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html
Issue date: 2016-08-02
CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130
CVE-2014-9330 CVE-2014-9655 CVE-2015-1547
CVE-2015-7554 CVE-2015-8665 CVE-2015-8668
CVE-2015-8683 CVE-2015-8781 CVE-2015-8782
CVE-2015-8783 CVE-2015-8784 CVE-2016-3632
CVE-2016-3945 CVE-2016-3990 CVE-2016-3991
CVE-2016-5320
=====================================================================
1. Summary:
An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Security Fix(es):
* Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547,
CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,
CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,
pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,
tiff2rgba). By tricking a user into processing a specially crafted file, a
remote attacker could exploit these flaws to cause a crash or memory
corruption and, possibly, execute arbitrary code with the privileges of the
user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,
CVE-2016-3945, CVE-2016-3991)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this
update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff
1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff
1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files
1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c
1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion
1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool
1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function
1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()
1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function
1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
libtiff-4.0.3-25.el7_2.src.rpm
x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libtiff-4.0.3-25.el7_2.src.rpm
x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libtiff-4.0.3-25.el7_2.src.rpm
ppc64:
libtiff-4.0.3-25.el7_2.ppc.rpm
libtiff-4.0.3-25.el7_2.ppc64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm
libtiff-devel-4.0.3-25.el7_2.ppc.rpm
libtiff-devel-4.0.3-25.el7_2.ppc64.rpm
ppc64le:
libtiff-4.0.3-25.el7_2.ppc64le.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm
libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm
s390x:
libtiff-4.0.3-25.el7_2.s390.rpm
libtiff-4.0.3-25.el7_2.s390x.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm
libtiff-devel-4.0.3-25.el7_2.s390.rpm
libtiff-devel-4.0.3-25.el7_2.s390x.rpm
x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm
libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm
libtiff-static-4.0.3-25.el7_2.ppc.rpm
libtiff-static-4.0.3-25.el7_2.ppc64.rpm
libtiff-tools-4.0.3-25.el7_2.ppc64.rpm
ppc64le:
libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm
libtiff-static-4.0.3-25.el7_2.ppc64le.rpm
libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm
s390x:
libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm
libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm
libtiff-static-4.0.3-25.el7_2.s390.rpm
libtiff-static-4.0.3-25.el7_2.s390x.rpm
libtiff-tools-4.0.3-25.el7_2.s390x.rpm
x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libtiff-4.0.3-25.el7_2.src.rpm
x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8127
https://access.redhat.com/security/cve/CVE-2014-8129
https://access.redhat.com/security/cve/CVE-2014-8130
https://access.redhat.com/security/cve/CVE-2014-9330
https://access.redhat.com/security/cve/CVE-2014-9655
https://access.redhat.com/security/cve/CVE-2015-1547
https://access.redhat.com/security/cve/CVE-2015-7554
https://access.redhat.com/security/cve/CVE-2015-8665
https://access.redhat.com/security/cve/CVE-2015-8668
https://access.redhat.com/security/cve/CVE-2015-8683
https://access.redhat.com/security/cve/CVE-2015-8781
https://access.redhat.com/security/cve/CVE-2015-8782
https://access.redhat.com/security/cve/CVE-2015-8783
https://access.redhat.com/security/cve/CVE-2015-8784
https://access.redhat.com/security/cve/CVE-2016-3632
https://access.redhat.com/security/cve/CVE-2016-3945
https://access.redhat.com/security/cve/CVE-2016-3990
https://access.redhat.com/security/cve/CVE-2016-3991
https://access.redhat.com/security/cve/CVE-2016-5320
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb
H5YX3gD3gJu8C4EadiP+wtg=
=Z4gh
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
http://advisories.mageia.org/MGASA-2015-0112.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm
f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm
919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm
f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm
74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA
gzHy/Xg9PwU1pycCt9bn7Xg=
=Qxp+
-----END PGP SIGNATURE-----
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: January 09, 2017
Bugs: #484542, #534108, #538318, #561880, #572876, #585274,
#585508, #599746
ID: 201701-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in libTIFF, the worst of which
may allow execution of arbitrary code. It is called by numerous programs, including GNOME
and KDE applications, to interpret TIFF images. Please review
the CVE identifier and bug reports referenced for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libTIFF users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"
References
==========
[ 1 ] CVE-2013-4243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243
[ 2 ] CVE-2014-8127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127
[ 3 ] CVE-2014-8128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128
[ 4 ] CVE-2014-8129
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129
[ 5 ] CVE-2014-8130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130
[ 6 ] CVE-2014-9330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330
[ 7 ] CVE-2014-9655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655
[ 8 ] CVE-2015-1547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547
[ 9 ] CVE-2015-7313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313
[ 10 ] CVE-2015-7554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554
[ 11 ] CVE-2015-8665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665
[ 12 ] CVE-2015-8668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668
[ 13 ] CVE-2015-8683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683
[ 14 ] CVE-2015-8781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781
[ 15 ] CVE-2015-8782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782
[ 16 ] CVE-2015-8783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783
[ 17 ] CVE-2015-8784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784
[ 18 ] CVE-2016-3186
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186
[ 19 ] CVE-2016-3619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619
[ 20 ] CVE-2016-3620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620
[ 21 ] CVE-2016-3621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621
[ 22 ] CVE-2016-3622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622
[ 23 ] CVE-2016-3623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623
[ 24 ] CVE-2016-3624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624
[ 25 ] CVE-2016-3625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625
[ 26 ] CVE-2016-3631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631
[ 27 ] CVE-2016-3632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632
[ 28 ] CVE-2016-3633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633
[ 29 ] CVE-2016-3634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634
[ 30 ] CVE-2016-3658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658
[ 31 ] CVE-2016-3945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945
[ 32 ] CVE-2016-3990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990
[ 33 ] CVE-2016-3991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991
[ 34 ] CVE-2016-5102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102
[ 35 ] CVE-2016-5314
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314
[ 36 ] CVE-2016-5315
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315
[ 37 ] CVE-2016-5316
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316
[ 38 ] CVE-2016-5317
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317
[ 39 ] CVE-2016-5318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318
[ 40 ] CVE-2016-5319
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319
[ 41 ] CVE-2016-5320
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320
[ 42 ] CVE-2016-5321
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321
[ 43 ] CVE-2016-5322
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322
[ 44 ] CVE-2016-5323
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323
[ 45 ] CVE-2016-5652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652
[ 46 ] CVE-2016-5875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875
[ 47 ] CVE-2016-6223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223
[ 48 ] CVE-2016-8331
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331
[ 49 ] CVE-2016-9273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273
[ 50 ] CVE-2016-9297
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297
[ 51 ] CVE-2016-9318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318
[ 52 ] CVE-2016-9448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448
[ 53 ] CVE-2016-9453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453
[ 54 ] CVE-2016-9532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-16
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--
. 6) - i386, x86_64
3