Twenty Year Anniversary

Apple Security Advisory 2015-09-16-2

Apple Security Advisory 2015-09-16-2
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6394, CVE-2015-0248, CVE-2015-0251, CVE-2015-3185, CVE-2015-5909, CVE-2015-5910
MD5 | ade5a7d6d0447cb57a4dc91a1fdf8ddd

Apple Security Advisory 2015-09-16-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools
Available for: OS X Yosemite v10.10.4 or later
Impact: An attacker may be able to bypass access restrictions
Description: An API issue existed in the apache configuration. This
issue was addressed by updating header files to use the latest
version.
CVE-ID
CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server
Available for: OS X Yosemite 10.10 or later
Impact: An attacker may be able to access restricted parts of the
filesystem
Description: A comparison issue existed in the node.js send module
prior to version 0.8.4. This issue was addressed by upgrading to
version 0.12.3.
CVE-ID
CVE-2014-6394 : Ilya Kantor

IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilties in OpenSSL
Description: Multiple vulnerabilties existed in the node.js OpenSSL
module prior to version 1.0.1j. These issues were addressed by
updating openssl to version 1.0.1j.
CVE-ID
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568

IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: An attacker with a privileged network position may be able
to inspect traffic to Xcode Server
Description: Connections to Xcode Server may have been made without
encryption. This issue was addressed through improved network
connection logic.
CVE-ID
CVE-2015-5910 : an anonymous researcher

IDE Xcode Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Build notifications may be sent to unintended recipients
Description: An access issue existed in the handling of repository
email lists. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of
Anchorfree

subversion
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities existed in svn versions prior to
1.7.19
Description: Multiple vulnerabilities existed in svn versions prior
to 1.7.19. These issues were addressed by updating svn to version
1.7.20.
CVE-ID
CVE-2015-0248
CVE-2015-0251


Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.0".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f
X86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr
5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0
YFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP
GdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7
3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t
tO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO
HokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9
js1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L
g5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R
JgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS
YMBNmqt6weEewNqyDMnX
=SGgX
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close