lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 09 May 2012 14:51:40 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2012-05-09-2 Safari 5.1.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-05-09-2 Safari 5.1.7

Safari 5.1.7 is now available and addresses the following:

WebKit
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista,
XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov

WebKit
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista,
XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome
Security Team

WebKit
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista,
XP SP2 or later
Impact:  A maliciously crafted website may be able to populate form
inputs on another website with arbitrary values
Description:  A state tracking issue existed in WebKit's handling of
forms.
CVE-ID
CVE-2012-0676 : Andreas Akre Solberg of UNINETT AS, Aaron Roots of
Deakin University ITSD, Tyler Goen

Note: In addition, this update disables Adobe Flash Player if it
is older than 10.1.102.64 by moving its files to a new directory.
This update presents the option to install an updated version of
Flash Player from the Adobe website.


Safari 5.1.7 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for OS X Lion v10.7.4
The download file is named: Safari5.1.7LionManual.dmg
Its SHA-1 digest is: 5024eb2e358feb6b87d6eff15438bf7ae99619b4

Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.7SnowLeopardManual.dmg
Its SHA-1 digest is: 32d1dca993b455bc5c230caef95ab70c702e6fee

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: f601df0106987bfffc3f22b046ba835e4f8d29c6

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: 193eaddae1d25dd1b0f8786a810de083fc9280b0

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJPqtgCAAoJEGnF2JsdZQeeIvQIAIIbdrlsjYRAiMAEK/o4QwkF
M4EIDhqpDPnjDFBcT39vqapEPt4btYp0x+464bNRyU9ex4bY7NGPzaKTS/bdcnXJ
BbpmR8rFluCRZ3AIyFSYPvKImsoyp5IZ91lTIxes1E4j+ed1diXEpLlt8Pp4K3Fc
w2hao+KBKYCUKcjy49whKC0+6jnQWPoP7lPl9gjVyM/fky4K2J/F2c2saXHTDS9l
L3CU4+0jA6INzY2NN2j3jdSZgglLgRcDvF3dAriNhW0Wlyd6ucuTxULbC1cS0mRs
w4stMTnMzdgKsy13kE2tBQAf3rguM1PzlJAlOZMw9Ad/O6lU+8uaJ8AmBygVpq4=
=x2Jz
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ