« iPhone OS 2.1 kommt am Freitag [Update] | Start | Neue Kopfhörer mit Fernbedienung und Mikro für neue iPods (touch, classic, nano) »

9.09.2008

QuickTime 7.5.5 und iTunes 8 stehen bereit [Update: Front Row 2.1.6]

QuickTime 7.5.5 wird aktuell über die Softwareaktualisierung (oder direkt für 10.5, 10.4, Windows) angeboten. Das 67,5 Megabyte große Update soll Zuverlässigkeit, Programmkompatibilität und Sicherheit verbessern. Ein Neustart ist erforderlich.
itunes8.jpg
QuickTime 7.5.5 ist außerdem Voraussetzung für iTunes 8, das inzwischen auf apple.com für Mac OS X oder Windows bezogen werden kann. (Danke an alle Tippgeber!)
Update 21:05 Uhr: Nach dem QT-Update zeigt sich das Front Row-Update 2.1.6 in der Softwareaktualisierung. Es "verbessert die Kompatibilität mit iTunes 8.0 und enthält Fehlerbehebungen". 13,1 Megabyte groß.
Update 21:35 Uhr: Die gestopften Sicherheitslücken betrafen ausschließlich QuickTime unter 10.4 und Windows XP/Vista. Aufgeführt im Detail nach dem Klick.

QuickTime
CVE-ID: CVE-2008-3615
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in the
third-party Indeo v5 codec for QuickTime, which does not ship with
QuickTime. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by not rendering content encoded with any
version of the Indeo codec. This issue does not affect systems
running Mac OS X. Credit to Paul Byrne of NGSSoftware for reporting
this issue.

QuickTime
CVE-ID: CVE-2008-3635
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in the third-party Indeo
v3.2 codec for QuickTime. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by not rendering content
encoded with any version of the Indeo codec. This issue does not
affect systems running Mac OS X. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.

QuickTime
CVE-ID: CVE-2008-3624
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of panorama atoms in QTVR (QuickTime Virtual Reality) movie files.
Viewing a maliciously crafted QTVR file may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking of panorama
atoms. Credit to Roee Hay of IBM Rational Application Security
Research Group for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3625
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in QuickTime's handling
of panorama atoms in QTVR (QuickTime Virtual Reality) movie files.
Viewing a maliciously crafted QTVR file may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking of panorama
atoms. Credit to an anonymous researcher working with TippingPoint's
Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3614
Available for: Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling of
PICT images. Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by performing additional validation of
PICT images. Credit to an anonymous researcher working with the
iDefense VCP for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3626
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of STSZ atoms in movie files. Viewing a maliciously crafted
movie file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking of STSZ atoms. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.

QuickTime
CVE-ID: CVE-2008-3627
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption exist in QuickTime's
handling of H.264 encoded movie files. Viewing a maliciously crafted
movie file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of H.264 encoded movie files. Credit
to an anonymous researcher and Subreption LLC working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3628
Available for: Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid pointer issue exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT image may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by correctly saving and restoring a
global variable. This issue does not affect systems running Mac OS X.
Credit to David Wharton for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3629
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination
Description: An out-of-bounds read issue exists in QuickTime's
handling of PICT images. Opening a maliciously crafted PICT image may
lead to an unexpected application termination. This update addresses
the issue by performing additional validation of PICT images. Credit
to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

Posted by Leo at 20:40 | Permalink

TrackBack

TrackBack-Adresse für diesen Eintrag:
https://www.typepad.com/services/trackback/6a00d83451c7b569e200e555125bb18834

Listed below are links to weblogs that reference QuickTime 7.5.5 und iTunes 8 stehen bereit [Update: Front Row 2.1.6]: