APPLE-SA-2009-03-11 iTunes 8.1

iTunes 8.1 is now available and addresses the following:

iTunes
CVE-ID: CVE-2009-0016
Available for: Windows XP or Vista
Impact: Sending a maliciously crafted DAAP message may lead to a denial of service
Description: An infinite loop exists in the handling of iTunes Digital Audio Access Protocol (DAAP) messages. Sending a message containing a maliciously crafted Content-Length parameter in the DAAP header may lead to a denial of service. This update addresses the issue by performing additional validation of DAAP messages. This issue does not affect Mac OS X systems. Credit to Xiaopeng Zhang, Zhenhua Liu, and Junfeng Jia of Fortinet's FortiGuard Global Security Research Team for reporting this issue.

iTunes
CVE-ID: CVE-2009-0143
Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows XP or Vista
Impact: Subscribing to a malicious podcast may lead to the disclosure of iTunes username and password
Description: A design issue exists in the iTunes podcast feature. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. This dialog may entice the user to send iTunes credentials to the podcast server. This update addresses the issue by clarifying the origin of the authentication request in the dialog. Credit to Simon Bellwood for reporting this issue.

iTunes 8.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes8.1.dmg"
Its SHA-1 digest is: 6c9ee64741158c9f45417b965b38b01ea3b51af1

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 562bcc78760c4055f84d53730089a62dfa9c3fcf

For Windows XP / Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fb07309a0196b424ed434be1143f9e8bcd978d62

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
