Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в Apple Xcode

  APPLE-SA-2015-10-21-
7 Xcode 7.1

From:APPLE
Date:5 октября 2015 г.
Subject:APPLE-SA-2015-09-16-2 Xcode 7.0



APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools
Available for:  OS X Yosemite v10.10.4 or later
Impact:  An attacker may be able to bypass access restrictions
Description:  An API issue existed in the apache configuration. This
issue was addressed by updating header files to use the latest
version.
CVE-ID
CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server
Available for:  OS X Yosemite 10.10 or later
Impact:  An attacker may be able to access restricted parts of the
filesystem
Description:  A comparison issue existed in the node.js send module
prior to version 0.8.4. This issue was addressed by upgrading to
version 0.12.3.
CVE-ID
CVE-2014-6394 : Ilya Kantor

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Multiple vulnerabilties in OpenSSL
Description:  Multiple vulnerabilties existed in the node.js OpenSSL
module prior to version 1.0.1j. These issues were addressed by
updating openssl to version 1.0.1j.
CVE-ID
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  An attacker with a privileged network position may be able
to inspect traffic to Xcode Server
Description:  Connections to Xcode Server may have been made without
encryption. This issue was addressed through improved network
connection logic.
CVE-ID
CVE-2015-5910 : an anonymous researcher

IDE Xcode Server
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Build notifications may be sent to unintended recipients
Description:  An access issue existed in the handling of repository
email lists. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of
Anchorfree

subversion
Available for:  OS X Yosemite v10.10.4 or later
Impact:  Multiple vulnerabilities existed in svn versions prior to
1.7.19
Description:  Multiple vulnerabilities existed in svn versions prior
to 1.7.19. These issues were addressed by updating svn to version
1.7.20.
CVE-ID
CVE-2015-0248
CVE-2015-0251


Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.0".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород