Software

Xcode 7.3.1

About the security content of Xcode 7.3.1

 

This document describes the security content of Xcode 7.3.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key. Where possible, CVE IDs are used to reference the vulnerabilities for further information. To learn about other security updates, see Apple security updates.

 

Xcode 7.3.1

 

Git

Available for: OS X El Capitan v10.11 and later

Impact: A remote attacker may be able to execute arbitrary code

Description: A heap-based buffer overflow issue existed in the handling of filenames. This issue was addressed by updating git to version 2.7.4.

 

CVE-ID

 

CVE‑2016‑2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Bugfix patches were backported from the ‘master’ front to plug heap corruption holes, to catch integer overflow in the computation of pathname lengths, and to get rid of the name_path API. Both of these issues would have resulted in writing over an under-allocated buffer when formulating pathnames during tree traversal.

 

CVE‑2016‑2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

A remote authenticated user can push a specially crafted repository to trigger a heap overflow and execute arbitrary code on the target system [CVE-2016-2315].

Lael Cellier (@ytrezq) reported this vulnerability.
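
Both CVE descriptions above turn on a pathname length computed in too narrow an integer type, which yields an under-allocated buffer. The following C code is an added example, not code from git or from the advisory: the function names and the constructed component lengths are assumptions, and it contrasts a 32-bit running total with a `size_t` total that rejects any sum that would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Weak form (hypothetical): the running path length is kept in a 32-bit
 * value. The wrap is modelled with unsigned arithmetic so the demo itself
 * has no undefined behaviour. */
static int32_t path_len_narrow(const size_t *comp_len, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (uint32_t)comp_len[i] + 1u;  /* component + '/' or NUL */
    return (int32_t)total;                     /* may be negative or tiny */
}

/* Hardened form (hypothetical): accumulate in size_t and refuse any sum
 * that would wrap. Returns 0 and stores the buffer size in *out, or -1. */
static int path_len_checked(const size_t *comp_len, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (comp_len[i] > SIZE_MAX - 1)
            return -1;                         /* +1 for separator wraps */
        size_t need = comp_len[i] + 1;
        if (need > SIZE_MAX - total)
            return -1;                         /* running total wraps */
        total += need;
    }
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed lengths only; no buffers of this size are allocated. */
    const size_t deep[] = { 0x7fffffffu, 0x7fffffffu, 16 };
    size_t need = 0;

    printf("narrow total:  %d bytes\n", (int)path_len_narrow(deep, 3));
    if (path_len_checked(deep, 3, &need) == 0)
        printf("checked total: %zu bytes\n", need);
    else
        printf("checked total: rejected (would overflow size_t)\n");
    return 0;
}
```

With these lengths the narrow total wraps to a few bytes while the real requirement is over 4 GiB, which is the under-allocation the advisory describes.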

 


Safari 9.1


What’s new Version 9.1:

 

  • Picture Element Support
  • iOS gesture events are now supported on Safari for OS X.
  • Fast-Tap on iOS
  • WebGL Rendering
  • Image Smoothing Quality for Canvas Rendering
  • CSS Enhancements

 

Fixes:

 

  • Multiple memory corruption issues were addressed through improved memory handling.
  • An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text.
  • An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion.
  • A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management.
  • An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.
  • Multiple memory corruption issues were addressed through improved memory handling.
  • A port redirection issue was addressed through additional port validation.
  • An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.

 


Adobe Flash 20.0.0.235

What's new in Adobe Flash Version 20.0.0.235:

 

Fixed Issues

  • Flash Player fails to load the .SWF files that comprise much of com2Learn.com’s course content
  • Method URLLoader.load fails to load an xml file located within an MHT archive
  • Unloaded SWFs with Dialogs: Flash Player hangs on clicking the "browse dialog" link
  • usflashmap.com – Flash Player hangs after clicking on the List tab
  • Embedded Flash objects stop working in SMART Notebook on Windows
  • The candidate window is displayed at the wrong position when inputting some CCJK characters on Windows 10 Edge Browser
  • Flash in 16:9 video resolution shows green strip (noise) on right of video window on Mac

Apple Safari 9.0.2

What's new in Apple Safari Version 9.0.2:

 

WebKit

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

 

WebKit

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may reveal a user’s browsing history
Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing.


Apple iTunes 12.3.2

What's new in Apple iTunes Version 12.3.2:

 

Apple Music subscribers will now see the works, composers, and performers while browsing the Classical music category in the catalog
Improves overall stability and performance


Tor 5.0.4

What's new in Tor 5.0.4:

  • Update Firefox to 38.4.0esr
  • Update NoScript to 2.6.9.39
  • Update Torbutton to 1.9.3.5
  • Spoof Referer when leaving a .onion domain
  • about:tor should accommodate different fonts/font sizes
  • Don’t translate the homepage/spellchecker dictionary string
  • Don’t show text-select cursor on circuit display
  • Remove unused code
  • Translation updates
  • Remove the en-US dictionary from non en-US Tor Browser bundles
  • Remove dead ScrambleSuit bridge
  • Update meek-amazon fingerprint
  • Isolate favicon requests caused by the tab list dropdown
  • Don’t crash while opening a second Tor Browser