You are here
Home > Preporuke > Sigurnosni propust programskog paketa Xcode

Sigurnosni propust programskog paketa Xcode

by ncert - 0
  • Detalji os-a: MAC
  • Važnost: IMP
  • Operativni sustavi: M
  • Kategorije: APL

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description: The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID
CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of
Mercurial

Xcode 6.2 beta 3 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be “6.2 (6C101)”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUk1PKAAoJEBcWfLTuOo7t268P/2z353ePUi8rj8332xbzgYsz
Jc4kMXnGe1jM2Gx12RuT/v/QIIjfguCSzExXimQriFTIbnkFz8rYDPqSFI0fM2T9
8dbtpED3VnsvGQmAUVCfd9GvtqDvx6ZPW2AKih6ly7XtGtqBZLxssGbZFvXNU4X3
fDbmF0jm8nLQoAcpFvarERmhQQOeMDw2Grf3ynPpMxe2iznAkAR8Asves8sUFh36
ALdDyQtW2WhWSUhHN8o31VTD2DgV57VwJ2rL6F9UMHmOu7x5SBAATLaNRD1fQOrR
aMmFypeUQR1/6CyTT8E9ReUy5iG4X+Sy52LPB7sovPTLIweaOW1Ru12XEbjhBzR6
ZNUMcujQEAWwzaHPBIzDKCcG74QY/JpZzrnwvgvgVZ+nrM2tDtSUbfHmGJGzLDNw
xmE+fn1Ik1p1pSShOUO1/2uU9fM9x/P86Kyp07QG7sOZoJN6Wbn+CM/TGwpLBRRs
4Rj+NxlNph5IWzfLIJqCTu4v8hpM/jIMYjQG69BewXOisZVKw1FVHWIzbxHVIApH
n+Kk4Wc2qhLaLLiPzMaDrwe4i5in8ImDhTUW0WH6Un7xuojvRFvTWLchc/Z7QJ6l
+ExN2msjPf73iHY4c9E4eWNOeIyzrpyyHqrxswnlp844fpDHF9Qc8jVScywMtcc0
qOvKkbiVCkNdEtNdAq0d
=Umq9
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

AutorTomislav Protega
Cert idNCERT-REF-2014-12-0018-ADV
CveCVE-2014-9390
ID izvornikaAPPLE-SA-2014-12-18-1
ProizvodXcode
Izvorhttp://www.apple.com
ncert
Top
More in Preporuke
Ranjivost programske biblioteke glibc

Otkrivena je ranjivost programske biblioteke glibc za RHEL 7. Ustanovljeno je da funkcija wordexp nije primjenjivala WRDE_NOCMD flag, što je...

Close