WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Category Archives: Security
Security
CVE-2012-0626 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-0622 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-0632 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-0635 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-0633 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-0628 (iphone_os, itunes, safari)
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
[ANNOUNCEMENT] Apache HTTP Server 2.4.1 Released
Apache HTTP Server 2.4.1 Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the GA release of version 2.4.1 of the Apache HTTP
Server. This version of Apache HTTP Server is the first GA release of
the new 2.4.x branch.
Apache HTTP Server 2.4 provides a number of improvements and
enhancements over the 2.2 version. A listing and description of these
features is available via:
http://httpd.apache.org/docs/2.4/new_features_2_4.html
Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes.
We consider this release to be the best version of Apache HTTP Server
available, and encourage users of all prior versions to upgrade.
Apache HTTP Server 2.4.1 is available for download from:
http://httpd.apache.org/download.cgi
This release requires the Apache Portable Runtime (APR) version 1.4.x
and APR-Util version 1.4.x. The APR libraries must be upgraded for all
features of httpd to operate correctly.
This release builds on and extends the Apache 2.2 API. Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and may require minimal source code changes.
http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html
A summary of all of the security vulnerabilities addressed in this and
earlier releases is available:
http://httpd.apache.org/security/vulnerabilities_24.html
Important:
Windows users: AcceptFilter None has replaced Win32DisableAcceptEx
and the feature appears to have interoperability issues with mod_ssl.
Apache 2.4.1 may not yet be suitable for all Windows servers. There
is not yet a Windows binary distribution of httpd 2.4, but this is
expected to be remedied soon as various dependencies graduate from
beta to GA.
CVE-2012-0206 (authoritative_server)
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
CVE-2011-3025 (chrome)
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.