Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Thu, 13 Sep 2012 16:24:01 +0200
Type : VULN
Sujet : CERT-Renater : 2012/VULN356 (APPLE : iTunes 10.7 fixes multiple vulnerabilities in WebKit)
===================================================================
                             CERT-Renater

                  Note d'Information No. 2012/VULN356
____________________________________________________________________

DATE                : 13/09/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Windows version 7, Vista, XP
                         running APPLE iTunes versions prior to 10.7.

======================================================================
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
______________________________________________________________________


APPLE-SA-2012-09-12-1 iTunes 10.7

iTunes 10.7 is now available and addresses the following:

WebKit
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3606 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3607 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3616 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3632 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3657 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
of the Google Chrome Security Team using AddressSanitizer
CVE-2012-3660 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3673 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3675 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3702 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer

iTunes 10.7 may be obtained from:
http://www.apple.com/itunes/download/

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 499c39aad4a05c76286e3159f4e1e081dab8fe86

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: c632854371097edbf3d831f7f2d449297d9f988e

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================

[An attachment of type application/pkcs7-signature was included here]