Operating System:

[Win]

Published:

12 October 2011

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.1026
                     APPLE-SA-2011-10-11-1 iTunes 10.5
                              12 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iTunes
Publisher:         Apple
Operating System:  Windows XP
                   Windows Vista
                   Windows 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3252 CVE-2011-3244 CVE-2011-3241
                   CVE-2011-3239 CVE-2011-3238 CVE-2011-3237
                   CVE-2011-3236 CVE-2011-3235 CVE-2011-3234
                   CVE-2011-3233 CVE-2011-3232 CVE-2011-3219
                   CVE-2011-2831 CVE-2011-2827 CVE-2011-2823
                   CVE-2011-2820 CVE-2011-2818 CVE-2011-2817
                   CVE-2011-2816 CVE-2011-2815 CVE-2011-2814
                   CVE-2011-2813 CVE-2011-2811 CVE-2011-2809
                   CVE-2011-2799 CVE-2011-2797 CVE-2011-2792
                   CVE-2011-2790 CVE-2011-2788 CVE-2011-2359
                   CVE-2011-2356 CVE-2011-2354 CVE-2011-2352
                   CVE-2011-2351 CVE-2011-2341 CVE-2011-2339
                   CVE-2011-2338 CVE-2011-1797 CVE-2011-1774
                   CVE-2011-1462 CVE-2011-1457 CVE-2011-1453
                   CVE-2011-1451 CVE-2011-1449 CVE-2011-1440
                   CVE-2011-1296 CVE-2011-1293 CVE-2011-1288
                   CVE-2011-1204 CVE-2011-1203 CVE-2011-1188
                   CVE-2011-1121 CVE-2011-1117 CVE-2011-1115
                   CVE-2011-1114 CVE-2011-1109 CVE-2011-0983
                   CVE-2011-0981 CVE-2011-0259 CVE-2011-0255
                   CVE-2011-0254 CVE-2011-0253 CVE-2011-0240
                   CVE-2011-0238 CVE-2011-0237 CVE-2011-0235
                   CVE-2011-0234 CVE-2011-0233 CVE-2011-0232
                   CVE-2011-0225 CVE-2011-0223 CVE-2011-0222
                   CVE-2011-0221 CVE-2011-0218 CVE-2011-0215
                   CVE-2011-0204 CVE-2011-0200 CVE-2011-0164
                   CVE-2010-1823  

Reference:         ESB-2011.0749
                   ESB-2011.0667

Original Bulletin: 
   http://support.apple.com/kb/HT4981

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-10-11-1 iTunes 10.5

iTunes 10.5 is now available and addresses the following:

CoreFoundation
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
string tokenization. This issue does not affect OS X Lion systems.
For Mac OS X v10.6 systems, this issue is addressed in Security
Update 2011-006.
CVE-ID
CVE-2011-0259 : Apple

ColorSync
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description:  An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. Opening a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution. This issue does not affect OS X Lion
systems.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day
Initiative

CoreAudio
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Playing maliciously crafted audio content may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of audio
stream encoded with the advanced audio code. This issue does not
affect OS X Lion systems.
CVE-ID
CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

CoreMedia
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of H.264
encoded movie files. For OS X Lion systems, this issue is addressed
in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is
addressed in Security Update 2011-006.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in ImageIO's handling of
TIFF images. This issue does not affect OS X Lion systems. For Mac OS
X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
CVE-ID
CVE-2011-0204 : Dominic Chell of NGS Secure

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A reentrancy issue existed in ImageIO's handling of
TIFF images. This issue does not affect Mac OS X systems.
CVE-ID
CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP

WebKit
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution.
Description:  Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability
Research (MSVR), wushi of team509, and Yong Li of Research In Motion
Ltd
CVE-2011-0164 : Apple
CVE-2011-0218 : SkyLined of Google Chrome Security Team
CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS
Research Team, and Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with
iDefense VCP
CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative
CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0234 : Rob King working with TippingPoint's Zero Day
Initiative, wushi of team509 working with TippingPoint's Zero Day
Initiative, wushi of team509 working with iDefense VCP
CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0237 : wushi of team509 working with iDefense VCP
CVE-2011-0238 : Adam Barth of Google Chrome Security Team
CVE-2011-0240 : wushi of team509 working with iDefense VCP
CVE-2011-0253 : Richard Keen
CVE-2011-0254 : An anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0255 : An anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc
CVE-2011-0983 : Martin Barbella
CVE-2011-1109 : Sergey Glazunov
CVE-2011-1114 : Martin Barbella
CVE-2011-1115 : Martin Barbella
CVE-2011-1117 : wushi of team509
CVE-2011-1121 : miaubiz
CVE-2011-1188 : Martin Barbella
CVE-2011-1203 : Sergey Glazunov
CVE-2011-1204 : Sergey Glazunov
CVE-2011-1288 : Andreas Kling of Nokia
CVE-2011-1293 : Sergey Glazunov
CVE-2011-1296 : Sergey Glazunov
CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com
CVE-2011-1449 : Marek Majkowski
CVE-2011-1451 : Sergey Glazunov
CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-1457 : John Knottenbelt of Google
CVE-2011-1462 : wushi of team509
CVE-2011-1797 : wushi of team509
CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team
CVE-2011-2341 : Apple
CVE-2011-2351 : miaubiz
CVE-2011-2352 : Apple
CVE-2011-2354 : Apple
CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2359 : miaubiz
CVE-2011-2788 : Mikolaj Malecki of Samsung
CVE-2011-2790 : miaubiz
CVE-2011-2792 : miaubiz
CVE-2011-2797 : miaubiz
CVE-2011-2799 : miaubiz
CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-2811 : Apple
CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2815 : SkyLined of Google Chrome Security Team
CVE-2011-2816 : Apple
CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2818 : Martin Barbella
CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google
CVE-2011-2823 : SkyLined of Google Chrome Security Team
CVE-2011-2827 : miaubiz
CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3232 : Aki Helin of OUSPG
CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development
community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome
Security Team
CVE-2011-3234 : miaubiz
CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3238 : Martin Barbella
CVE-2011-3239 : Slawomir Blazek
CVE-2011-3241 : Apple
CVE-2011-3244 : vkouchna

WebKit
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack may lead to arbitrary code
execution
Description:  A configuration issue existed in WebKit's use of
libxslt. A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to arbitrary files being created with the
privileges of the user, which may lead to arbitrary code execution.
This issue is addressed through improved libxslt security settings.
CVE-ID
CVE-2011-1774 : Nicolas Gregoire of Agarri


iTunes 10.5 may be obtained from:
http://www.apple.com/itunes/download/

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 1205cda4ce9a32db2fe02cf9f2cf2c0bf7d47bdb

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: ab400ad27a537613b3b5306ea026763a93d57fdf

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJOlHiHAAoJEGnF2JsdZQee3qwH/0lwVfV3mYVgDxPYfnJlPVF/
2LNjJjmafyNdzSoOOyL9bn5QZqdDlvHCkjgpsq+yX7//8bF/kN7qj3jNBh2qMFCa
cTqIpRnJP5G1GwCdWCep6ZS9NNcv7pADcuoLrHJAHyFE+BlTSNJPkiD3noJiBBuQ
j6CZl5If05rDY7fhspQ6zTlJ7NzzyTIrGM1aJXur2wawVhEALO56gb7+GzGeORax
zU0Jafu9OL8naPfXOFRCvqGXyGBEW0VeWzGqaudDvui1LA5djp6B5AknuE4Xlotq
fXPtwmylQ3B4OaBkoavqPI/UwKkQe0Bn/EsTHf4Pxeo+11CLwRg+JgLCanXRpqw=
=12aV
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTpTw1u4yVqjM2NGpAQImtRAAqoeKpoA3VXWy6hCcWCzvGatXZYP+eDiH
b9DUxkJAU7nxN5dn/V4Gw67qgTxxT+AYTo/WgFVgVcR+R3s2X929fGtdXYigDRCL
kON5OUvcWNZZXrZKVjI4ctg9TejVwUzWgC834pE2ZIav1QpM5a3dr6phXE6A9Si+
UkxLSXbr1l4KiZ4i3xN2ax2fw3MGxSyuGFCikk12FL6DPuXCXHrGR1Thc5LygIMp
lDj53Muk0utrod+FDjZ6rAKFcf4FhJjgm0Au5O1t0GUyrUJhLk+AI19DoKIDEkgg
Ab0Y5y9ShT23vYAKNkn2FmBifN5gUzFH+33WVu1GHiUIPyOWsaDv1k41ES09R3Ag
bhRnf3nuxGTa2ASWbAbA2arcp1LRTaf0FgoyGc3RT98jdGZg8fE+BaKMu/YEFjav
POIky0bXiGlRMvTw7mcILBBdAQTw2l6XNUaI7hTe0SWtiJ3eXk7Y8yEa6uSunANU
8XGWtTi3yYrY9mNhE3Km+ZgPRkPp4+L5UBPJTZ+GVcgEI7vguCsivqqIv3g5tEdP
6Gqgq+HxHPMjVEoK9QqDfa+h6A1Q19z/okyB+Xl8MmY0/NnGPUYkc7yqf45Tu8wB
Nv01ulxXwJPDNZwEviFNiKptih1Q3nLBzjG2FspQYO4Dev3zSC1ApgNZCyiChZnh
bgbF72KV09I=
=J9Wy
-----END PGP SIGNATURE-----