You are here
Home > Preporuke > Ranjivost programskog paketa Xcode

Ranjivost programskog paketa Xcode

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

APPLE-SA-2015-04-08-5 Xcode 6.3

Xcode 6.3 is now available and addresses the following:

Clang
Available for: OS X Mavericks v10.9.4 or later
Impact: An attacker may be able to bypass stack guards
Description: A register allocation issue existed in clang which
sometimes led to stack cookie pointers being stored on the stack
itself. This issue was addressed with improved register allocation.

Swift
Available for: OS X Mavericks v10.9.4 or later
Impact: Swift programs performing certain type conversions may
receive unexpected values
Description: A integer overflow issue existed in the simulator that
could lead to conversions returning unexpected values. This issue was
addressed by using improved checks.
CVE-ID
CVE-2015-1149

Xcode 6.3 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be “6.3”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJVJHMkAAoJEBcWfLTuOo7tXiwQAItddyjaYou2YXMjRu3dc1FR
W69zMBR1GHQHqwIG+Cy++dU9+cQMxRgJuMj5GJrcKBdUy36cOXvUEdLGvuikgrmc
jcxMDYVvDpvvjdY7N/PWq63w4zPllM+mJ8/n2vtOyHsSTesYu0JwhFGPkSqkN9jQ
JcJIU4Mk3IuftR3GW7ryUoWPjeL4ZLqRdYpgglSgYOXhpDYJd97Z2p28FPCQ6K6p
ww0uPFXc4RqM1S4EwZWofXfiuUmAR6gCz7sNjXlPsvWFhL4RF+ppnKsW34qA+zrU
rsbm/QcIimdzYUsOhsM993uN/l/EWmjuExZ7tJDjWD5PLJtztM2fAEBSs0+g/JSh
CFDDMOKUV6/jd0l/V1Y5/OaeR+D3/rx/nMXkwBzq5itYxfFBtzi3SfQ6VFHtfdxR
AoKwuijG4y6Ll3joeQ73Ub/UX8suLkKH+WFa1WqDEom6dbmkEuASamwJ45MLHMBV
x6vo2pL0mo/9/rCCEz5+qRncauRIVrOt+YwJSpILGqBYRi/61iwW3nIL1pg8jcdj
ovWYUzLq4tMhLGlg3VegE5AqaiAmruULqYozZ5CtkydJCdnxiSPjpIJYLYOctGF8
cVB9XvB2Z1UYV4GqG7oZxUJiEVOfveZZqmUH/b5tcPQBIKf6E/PAaNRZ3IJ1Tyle
1uiCuBgp/UXGDrxpxIDu
=rNdR
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa linux-lts-utopic

Otkriveni su sigurnosni nedostaci u programskom paketu linux-lts-utopic za Ubuntu 14.04 LTS. Otkriveni nedostaci potencijalnim napadačima omogućuju zaobilaženje ASLR zaštite...

Close