Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.1049 -- [Win][Mac][OSX]
Safari 3.2 released fixing several vulnerabilities
14 November 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Safari
Publisher: Apple
Operating System: Mac OS X
Windows Vista
Windows XP
Impact: Execute Arbitrary Code/Commands
Denial of Service
Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CVE-2008-4216 CVE-2008-3644 CVE-2008-3642
CVE-2008-3623 CVE-2008-3608 CVE-2008-2332
CVE-2008-2327 CVE-2008-2317 CVE-2008-2303
CVE-2008-1767 CVE-2005-2096
Ref: ESB-2008.0691
ESB-2008.0830
ESB-2008.0876
ESB-2008.0959
ESB-2008.1033
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2008-11-13 Safari 3.2
Safari 3.2 is now available and addresses the following issues:
Safari
CVE-ID: CVE-2005-2096
Available for: Windows XP or Vista
Impact: Multiple vulnerabilities in zlib 1.2.2
Description: Multiple vulnerabilities exist in zlib 1.2.2, the most
serious of which may lead to a denial of service. This update
addresses the issues by updating to zlib 1.2.3. These issues do not
affect Mac OS X systems. Credit to Robbie Joosten of
bioinformatics@school, and David Gunnells of the University of
Alabama at Birmingham for reporting these issues.
Safari
CVE-ID: CVE-2008-1767
Available for: Windows XP or Vista
Impact: Processing an XML document may lead to an unexpected
application termination or arbitrary code execution
Description: A heap buffer overflow issue exists in the libxslt
library. Viewing a maliciously crafted HTML page may lead to an
unexpected application termination or arbitrary code execution.
Further information on the patch applied is available via
http://xmlsoft.org/XSLT/ This issue does not affect Mac OS X systems
that have applied Security Update 2008-007. Credit to Anthony de
Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security
Team for reporting this issue.
Safari
CVE-ID: CVE-2008-3623
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in CoreGraphics' handling
of color spaces. Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. Credit:
Apple.
Safari
CVE-ID: CVE-2008-2327
Available for: Windows XP or Vista
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple uninitialized memory access issues exist in
libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously
crafted TIFF image may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
proper memory initialization and additional validation of TIFF
images. This issue is addressed in systems running Mac OS X v10.5.5
or later, and in Mac OS X v10.4.11 systems that have applied Security
Update 2008-006. Credit: Apple.
Safari
CVE-ID: CVE-2008-2332
Available for: Windows XP or Vista
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exits in ImageIO's handling
of TIFF images. Viewing a maliciously crafted TIFF image may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved processing of TIFF
images. This issue is addressed in systems running Mac OS X v10.5.5
or later, and in Mac OS X v10.4.11 systems that have applied Security
Update 2008-006. Credit to Robert Swiecki of the Google Security Team
for reporting this issue.
Safari
CVE-ID: CVE-2008-3608
Available for: Windows XP or Vista
Impact: Viewing a large maliciously crafted JPEG image may lead to
an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in ImageIO's handling
of embedded ICC profiles in JPEG images. Viewing a large maliciously
crafted JPEG image may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
improved processing of ICC profiles. This issue is addressed in
systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11
systems that have applied Security Update 2008-006. Credit: Apple.
Safari
CVE-ID: CVE-2008-3642
Available for: Windows XP or Vista
Impact: Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of images with
an embedded ICC profile. Opening a maliciously crafted image with an
embedded ICC profile may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of ICC profiles in images.
This issue does not affect Mac OS X systems that have applied
Security Update 2008-007. Credit: Apple.
Safari
CVE-ID: CVE-2008-3644
Available for: Mac OS X v10.4.11, Mac OS X v10.5.5,
Windows XP or Vista
Impact: Sensitive information may be disclosed to a local console
user
Description: Disabling autocomplete on a form field may not prevent
the data in the field from being stored in the browser page cache.
This may lead to the disclosure of sensitive information to a local
user. This update addresses the issue by properly clearing the form
data. Credit to an anonymous researcher for reporting this issue.
WebKit
CVE-ID: CVE-2008-2303
Available for: Mac OS X v10.4.11, Mac OS X v10.5.5,
Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue in Safari's handling of JavaScript
array indices may result in an out-of-bounds memory access. Visiting
a maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of JavaScript array
indices. Credit to SkyLined of Google for reporting this issue.
WebKit
CVE-ID: CVE-2008-2317
Available for: Mac OS X v10.4.11, Mac OS X v10.5.5,
Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebCore's handling
of style sheet elements. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved garbage
collection. Credit to an anonymous researcher working with the
TippingPoint Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2008-4216
Available for: Mac OS X v10.4.11, Mac OS X v10.5.5,
Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: WebKit's plug-in interface does not block plug-ins from
launching local URLs. Visiting a maliciously crafted website may
allow a remote attacker to launch local files in Safari, which may
lead to the disclosure of sensitive information. This update
addresses the issue by restricting the types of URLs that may be
launched via the plug-in interface. Credit to Billy Rios of
Microsoft, and Nitesh Dhanjani of Ernst & Young for reporting this
issue.
Safari 3.2 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for Mac OS X v10.5.5
The download file is named: "Safari3.2Leo.dmg"
Its SHA-1 digest is: 540668ffd5e3a4727720b8687e05f7c43908424a
Safari for Mac OS X v10.4.11
The download file is named: "Safari3.2Ti.dmg"
Its SHA-1 digest is: 463619e89f421eceaed32ea5e9a48891ad8fdb4e
Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 38be6fb56f20de8c312956cd0df40d39584bce53
Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 6da9ca61479ce287cea476617253f6a93cbc6aa8
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJJHGGCAAoJEHkodeiKZIkBe7EH/iPYgXS6L/Lz614W00Zo5f8O
CuyUiK7HZYoXaFjSvB/aYBkjHtrVKYZFGF2WLmgxFig65TchCCw5PoenU5rqUaWd
pzytc1dyLxBOkqisky49SdzTsTkNT3jQWjJf9WJwMoD+s4btMVgHLDLI3WGfw3ct
RcVIVrjDdgMsJ2ERnZ/R6Dxx9SB3RC3DBWCHaAgZawR8CeZdnj60M81BaDZ6Oma5
o6aNr7rUg0MfnEuqypxGVLwEHGHe9dUfs07sS/pTXvkk/7+CKNoTxe/8cOK3kuFZ
RFV7rSJOWfUiG608FBvvbRO1z+4z215HGXBSPIZ5/wWThRczD3kcjWN8wv8FA/I=
=klZG
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSRzZSCh9+71yA2DNAQLT+AP/YM0TRdAzuPBdTfbzcrYjvD9Pnu0/xZbf
TG0LZyIWSpl6upRSxwQ1CfLPgUs/N7Ae2QeHXhBKWyPta8pxOLAtlAiT5hpM5+ex
MsJsOM8CmpZBn+SFulqQd18EqkHvZefNlVH+QEMD4mBy+gc40Ze38cPWqpoZLFDd
zu6VV7Wuy0E=
=iFnZ
-----END PGP SIGNATURE-----