Home / vulnerabilitiesPDF  

Apple Security Advisory 2015-12-08-6

Posted on 11 December 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior
to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082

IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to
repositories
Description: Xcode did not honor the .gitignore directive. This
issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri

otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of mach-o files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team

Installation note:

Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.2".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWZzRaAAoJEBcWfLTuOo7td2kP/Ag61Qpz8uA8MgClf9SbFJau
FNMDPV7ZOLPPc+DA37rQIwQemSe8dkt4Jnc6TOcTQdR7+f+Mt0QgscDW9xlOlYT4
Ofg5h5XnrKQ02DBkptD4ms5RH8JAHDKCYj8WttlBnBVsJMb6H3s5Om6vfubXkb7t
6bdUMe7iCgRsGuRrBuzPfxjMzh2ilnWML1B6VJkRi6rMnWTW2a66BWvfqLL1Cv2h
1ybIaJi1wsw0lTxGIb+bNM8lg+EL4JLEV+DSJ6mFtDpF6dQBqndbxjopbO5l6LzT
rnWtFTQQ1/6SAM11n9bbDOQj8w8QW3v0CAyad4HN+5Ayk/qnuJZ8o1ycSGAIrQgr
HCzG8RELjK9ipgkdu5daXUc75SGVPuuwobQM6SNzrg5M6SVzIvVdSibTwfgnDvgu
PQO6mBZXLewSBoWqJAQnoDJXExSJ67IE5RzXwvg5KQcF+81Toj48HUxxd98PKrnI
gPbhf8QT9/asGupN4wh3JjN73/qm2BwpJsbPvVj42Ew1OnsBgldpEL1Ssl/2qX0O
pPi1pfF6PIFQUrbloWyYC+lIJuydb3FZUYKLR6HSn7v7RrZu5n8Uvj+5VX3TyVOi
5WzXvbHd9L3exphb8SnITTUdZX6LzkUgRrQRvGWTzT/AfIHQRAyliyk7BgYRqzHH
ObtqW74YB0YXaiw1ckGl
=FxUB
-----END PGP SIGNATURE-----

 

TOP