
Security vulnerabilities in the Xcode software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: M
  • Categories: APL


APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior
to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082

IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to
repositories
Description: Xcode did not honor the .gitignore directive. This
issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri

otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of mach-o files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team

Installation note:

Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be “7.2”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
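A check for the two Git-related items in the advisory above (Git older than 2.5.4, and files committed although .gitignore excludes them), as an added example that is not part of Apple's advisory. The function names and the sample repository contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the Git and IDE SCM items of the advisory.

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# git_is_outdated: succeed when the git on PATH predates the fixed 2.5.4.
# "git --version" prints e.g. "git version 2.5.4 (Apple Git-61)".
git_is_outdated() {
    current=$(git --version | awk '{print $3}')
    version_lt "$current" 2.5.4
}

# tracked_but_ignored DIR: print paths that are in the index although the
# ignore rules (.gitignore, .git/info/exclude, global excludes) match them.
tracked_but_ignored() {
    git -C "$1" ls-files --cached --ignored --exclude-standard
}

# demo: build a throwaway repository (constructed sample data) in which an
# ignored file was staged anyway, then run the audit on it.
demo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    printf 'secrets.plist\n' > "$repo/.gitignore"
    printf 'constructed sample\n' > "$repo/secrets.plist"
    printf 'int main(void){return 0;}\n' > "$repo/main.c"
    git -C "$repo" add .gitignore main.c
    # Stand-in for a client that staged the file without consulting .gitignore.
    git -C "$repo" add -f secrets.plist
    tracked_but_ignored "$repo"
    rm -rf "$repo"
}

# When given a repository path, audit it.
if [ $# -gt 0 ]; then
    git_is_outdated && echo "git is older than 2.5.4" >&2
    tracked_but_ignored "$1"
fi
```

Any path printed for a real repository is already in its history if it was committed, so removing it from the index with `git rm --cached` does not remove earlier copies.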

Author: Marko Stanec
CERT ID: NCERT-REF-2015-12-0017-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/