Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Thu, 17 Sep 2015 12:20:37 +0200
Type : VULN
Sujet : CERT-Renater : 2015/VULN190 (APPLE : APPLE-SA-2015-09-16-3 iTunes 12.3)
===================================================================
                                    CERT-Renater

                        Note d'Information No. 2015/VULN190
_____________________________________________________________________

DATE                : 17/09/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running iTunes versions prior to 12.3.

======================================================================
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
_____________________________________________________________________

APPLE-SA-2015-09-16-3 iTunes 12.3

iTunes 12.3 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-1157 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

iTunes
Available for: Windows 7 and later
Impact: Applications that use ICU may be vulnerable to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of unicode strings. These issues were addressed by
updating ICU to version 55.
CVE-ID
CVE-2014-8146
CVE-2015-1205

iTunes
Available for: Windows 7 and later
Impact: Opening a media file may lead to arbitrary code execution
Description: A security issue existed in Microsoft Foundation
Class's handling of library loading. This issue was addressed by
updating to the latest version of the Microsoft Visual C++
Redistributable Package.
CVE-ID
CVE-2010-3190 : Stefan Kanthak

iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may result in unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1152 : Apple
CVE-2015-1153 : Apple
CVE-2015-3730 : Apple
CVE-2015-3731 : Apple
CVE-2015-3733 : Apple
CVE-2015-3734 : Apple
CVE-2015-3735 : Apple
CVE-2015-3736 : Apple
CVE-2015-3737 : Apple
CVE-2015-3738 : Apple
CVE-2015-3739 : Apple
CVE-2015-3740 : Apple
CVE-2015-3741 : Apple
CVE-2015-3742 : Apple
CVE-2015-3743 : Apple
CVE-2015-3744 : Apple
CVE-2015-3745 : Apple
CVE-2015-3746 : Apple
CVE-2015-3747 : Apple
CVE-2015-3748 : Apple
CVE-2015-3749 : Apple
CVE-2015-5789 : Apple
CVE-2015-5790 : Apple
CVE-2015-5791 : Apple
CVE-2015-5792 : Apple
CVE-2015-5793 : Apple
CVE-2015-5794 : Apple
CVE-2015-5795 : Apple
CVE-2015-5796 : Apple
CVE-2015-5797 : Apple
CVE-2015-5798 : Apple
CVE-2015-5799 : Apple
CVE-2015-5800 : Apple
CVE-2015-5801 : Apple
CVE-2015-5802 : Apple
CVE-2015-5803 : Apple
CVE-2015-5804 : Apple
CVE-2015-5805
CVE-2015-5806 : Apple
CVE-2015-5807 : Apple
CVE-2015-5808 : Joe Vennix
CVE-2015-5809 : Apple
CVE-2015-5810 : Apple
CVE-2015-5811 : Apple
CVE-2015-5812 : Apple
CVE-2015-5813 : Apple
CVE-2015-5814 : Apple
CVE-2015-5815 : Apple
CVE-2015-5816 : Apple
CVE-2015-5817 : Apple
CVE-2015-5818 : Apple
CVE-2015-5819 : Apple
CVE-2015-5821 : Apple
CVE-2015-5822 : Mark S. Miller of Google
CVE-2015-5823 : Apple

Software Update
Impact: An attacker in a privileged network position may be able to
obtain encrypted SMB credentials
Description: A redirection issue existed in the handling of certain
network connections. This issue was addressed through improved
resource validation.
CVE-ID
CVE-2015-5920 : Cylance


iTunes 12.3 may be obtained from:
http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple
Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================

[An attachment of type application/pkcs7-signature was included here]