Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Thu, 20 Sep 2012 10:38:08 +0200
Type : VULN
Sujet : CERT-Renater : 2012/VULN371 (APPLE : APPLE-SA-2012-09-19-3 Safari 6.0.1)
===================================================================
                             CERT-Renater

                  Note d'Information No. 2012/VULN371
____________________________________________________________________

DATE                : 20/09/2012

HARDWARE PLATFORM(S): /


OPERATING SYSTEM(S) : Mac OS X running Safari versions prior to 6.0.1.

======================================================================
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
______________________________________________________________________


APPLE-SA-2012-09-19-3 Safari 6.0.1

Safari 6.0.1 is now available and addresses the following:

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description:  In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description:  A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description:  A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team


For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.

For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================

[An attachment of type application/pkcs7-signature was included here]