APPLE-SA-2015-08-13-1

APPLE-SA-2015-08-13-3

openSUSE-SU-2016:0915

76341

1033274

USN-2937-1

https://support.apple.com/kb/HT205030

https://support.apple.com/kb/HT205033

Versions of Apple TV earlier than 7.2.1 are unpatched for vulnerabilities in the following components :

 - bootp
 - CFPreferences
 - CloudKit
 - Code Signing
 - CoreMedia Playback
 - CoreText
 - DiskImages
 - FontParser
 - ImageIO
 - IOHIDFamily
 - IOKit
 - Kernel
 - Libc
 - Libinfo
 - libpthread
 - libxml2
 - libxpc
 - libxslt
 - Location Framework
 - Office Viewer
 - QL Office
 - Sandbox_profiles
 - WebKit

According to its banner, the remote Apple TV device is a version prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities in the following components :

  - bootp
  - CFPreferences
  - CloudKit
  - Code Signing
  - CoreMedia Playback
  - CoreText
  - DiskImages
  - FontParser
  - ImageIO
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - libxslt
  - Location Framework
  - Office Viewer
  - QL Office
  - Sandbox_profiles
  - WebKit

This update addresses the following vulnerabilities: * [CVE-2015-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1120) * [CVE-2015-1076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1076) * [CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1071) * [CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1081) * [CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1122) * [CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1155) * [CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 4-1748) * [CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3752) * [CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5809) * [CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5928) * [CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3749) * [CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3659) * [CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3748) * [CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3743) * [CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3731) * [CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3745) * [CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5822) * [CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3658) * [CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3741) * [CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3727) * [CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5801) * [CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5788) * [CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3747) * [CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5794) * [CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1127) * [CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1153) * [CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1083) Additional fixes: * Fix crashes on PowerPC 64. * Fix the build on PowerPC 32.

  - Add ARM64 build support. Translation updates * German *     Spanish * French

    - Italian * Korean * Brazilian Portuguese * Russian *       Chinese.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for webkitgtk fixes the following issues :

  - webkitgtk was updated to version 2.4.10 (boo#971460) :

  + Fix rendering of form controls and scrollbars with GTK+     >= 3.19.

  + Fix crashes on PPC64.

  + Fix the build on powerpc 32 bits.

  + Add ARM64 build support.

  + Security fixes: CVE-2015-1120, CVE-2015-1076,     CVE-2015-1071, CVE-2015-1081, CVE-2015-1122,     CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,     CVE-2015-5809, CVE-2015-5928, CVE-2015-3749,     CVE-2015-3659, CVE-2015-3748, CVE-2015-3743,     CVE-2015-3731, CVE-2015-3745, CVE-2015-5822,     CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,     CVE-2015-5801, CVE-2015-5788, CVE-2015-3747,     CVE-2015-5794, CVE-2015-1127, CVE-2015-1153,     CVE-2015-1083.

  + Updated translations.

This update addresses the following vulnerabilities :

  - CVE-2015-1120

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)

  - CVE-2015-1076

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)

  - CVE-2015-1071

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)

  - CVE-2015-1081

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)

  - CVE-2015-1122

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)

  - CVE-2015-1155

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)

  - CVE-2014-1748

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)

  - CVE-2015-3752

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)

  - CVE-2015-5809

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)

  - CVE-2015-5928

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)

  - CVE-2015-3749

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)

  - CVE-2015-3659

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)

  - CVE-2015-3748

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)

  - CVE-2015-3743

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)

  - CVE-2015-3731

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)

  - CVE-2015-3745

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)

  - CVE-2015-5822

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)

  - CVE-2015-3658

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)

  - CVE-2015-3741

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)

  - CVE-2015-3727

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)

  - CVE-2015-5801

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)

  - CVE-2015-5788

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)

  - CVE-2015-3747

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)

  - CVE-2015-5794

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)

  - CVE-2015-1127

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)

  - CVE-2015-1153

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)

  - CVE-2015-1083

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of iOS that is prior to version 8.4.1 and the following components contain vulnerabilities :

 - Air Traffic 
 - AppleFileConduit 
 - Backup 
 - bootp 
 - CFPreferences 
 - Certificate UI 
 - CloudKit 
 - Code Signing 
 - CoreMedia Playback 
 - CoreText 
 - DiskImages 
 - FontParser 
 - IOHIDFamily 
 - IOKit 
 - ImageIO 
 - Kernel 
 - Libc 
 - Libinfo 
 - libpthread 
 - libxml2 
 - libxpc 
 - Location Framework 
 - MSVDX Driver 
 - MobileInstallation 
 - Office Viewer 
 - QL Office 
 - Safari 
 - Sandbox_profiles 
 - UIKit WebView 
 - Web 
 - WebKit

Versions of Safari prior to 6.2.8 / 7.1.8 / 8.0.8 are reportedly affected by the following vulnerabilities :

 - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages. (CVE-2015-3729)
 - Multiple memory corruption flaws exist in WebKit due to improper validation of user-supplied input. An attacker can exploit these, by using a crafted web page, to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)
 - A security policy bypass vulnerability exists in WebKit related to handling Content Security Policy report requests. An attacker can exploit this to bypass the HTTP Strict Transport Security policy. (CVE-2015-3750)
 - A security policy bypass vulnerability exists in WebKit that allows websites to use video controls to load images nested in object elements in violation of Content Security Policy directives. (CVE-2015-3751)
 - An information disclosure vulnerability exists in WebKit related to how cookies are added to Content Security Policy report requests, which results in cookies being exposed to cross-origin requests. Also, cookies set during regular browsing are sent during private browsing. (CVE-2015-3752)
 - An information disclosure vulnerability exists in the WebKit Canvas component when images are called using URLs that redirect to a data:image resource. An attacker, using a malicious website, can exploit this to disclose image data cross-origin. (CVE-2015-3753)
 - An information disclosure vulnerability exists in WebKit page loading where the caching of HTTP authentication credentials entered in private browsing mode were carried over into regular browsing, resulting in a user's private browsing history being exposed. (CVE-2015-3754)
 - A flaw in the WebKit process model allows a malicious website to display an arbitrary URL, which can allow user interface spoofing. (CVE-2015-3755)

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an attacker to     spoof UI elements by using crafted web pages.
    (CVE-2015-3729)

  - Multiple memory corruption flaws exist in WebKit due     to improper validation of user-supplied input. An     attacker can exploit these, by using a crafted web page,     to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731     CVE-2015-3732, CVE-2015-3733, CVE-2015-3734,     CVE-2015-3735, CVE-2015-3736, CVE-2015-3737,     CVE-2015-3738, CVE-2015-3739, CVE-2015-3740,     CVE-2015-3741, CVE-2015-3742, CVE-2015-3743,     CVE-2015-3744, CVE-2015-3745, CVE-2015-3746,     CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)

  - A security policy bypass vulnerability exists in WebKit     related to handling Content Security Policy report     requests. An attacker can exploit this to bypass the     HTTP Strict Transport Security policy. (CVE-2015-3750)

  - A security policy bypass vulnerability exists in WebKit     that allows websites to use video controls to load     images nested in object elements in violation of Content     Security Policy directives. (CVE-2015-3751)

  - An information disclosure vulnerability exists in WebKit     related to how cookies are added to Content Security     Policy report requests, which results in cookies being     exposed to cross-origin requests. Also, cookies set     during regular browsing are sent during private     browsing. (CVE-2015-3752)

  - An information disclosure vulnerability exists in the     WebKit Canvas component when images are called using     URLs that redirect to a data:image resource. An     attacker, using a malicious website, can exploit this to     disclose image data cross-origin. (CVE-2015-3753)

  - An information disclosure vulnerability exists in WebKit     page loading where the caching of HTTP authentication     credentials entered in private browsing mode were carried     over into regular browsing, resulting in a user's private     browsing history being exposed. (CVE-2015-3754)

  - A flaw in the WebKit process model allows a malicious     website to display an arbitrary URL, which can allow     user interface spoofing. (CVE-2015-3755)

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - CoreText
  - FontParser
  - Libinfo
  - libxml2
  - OpenSSL
  - perl
  - PostgreSQL
  - QL Office
  - Quartz Composer Framework
  - QuickTime 7
  - SceneKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 8.4.1.
It is, therefore, affected by vulnerabilities in the following components :

  - Air Traffic
  - AppleFileConduit
  - Backup
  - bootp
  - CFPreferences
  - Certificate UI
  - CloudKit
  - Code Signing
  - CoreMedia Playback
  - CoreText
  - DiskImages
  - FontParser
  - IOHIDFamily
  - IOKit
  - ImageIO
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - Location Framework
  - MSVDX Driver
  - MobileInstallation
  - Office Viewer
  - QL Office
  - Safari
  - Sandbox_profiles
  - UIKit WebView
  - Web
  - WebKit

ID	Name	Product	Family	Severity
9333	Apple TV < 7.2.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	medium
90315	Apple TV < 7.2.1 Multiple Vulnerabilities	Nessus	Misc.	high
90283	Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff)	Nessus	Fedora Local Security Checks	medium
90259	openSUSE Security Update : webkitgtk (openSUSE-2016-412)	Nessus	SuSE Local Security Checks	medium
90232	Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77)	Nessus	Fedora Local Security Checks	medium
90220	Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b)	Nessus	Fedora Local Security Checks	medium
90104	Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea)	Nessus	Fedora Local Security Checks	medium
90094	Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1)	Nessus	Ubuntu Local Security Checks	medium
90035	Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58)	Nessus	Fedora Local Security Checks	medium
8978	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
8949	Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
85446	Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
85409	Mac OS X Multiple Vulnerabilities (Security Update 2015-006)	Nessus	MacOS X Local Security Checks	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
85407	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2015-3752

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins