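Safari 3.2.3 Fixes Multiple Security Vulnerabilities

Published: 2009-05-12
Updated: 2009-05-14

Affected systems:
Apple Safari < 3.2.3
Apple Safari 4 Beta
Unaffected systems:
Apple Safari 3.2.3
Description:
BUGTRAQ  ID: 34924,34925
CVE(CAN) ID: CVE-2009-0945,CVE-2009-0162

Safari is the web browser bundled by default with Apple's operating systems.

A memory corruption vulnerability exists in the way WebKit in Safari handles SVGList objects; visiting a malicious website can lead to arbitrary code execution.

Safari contains multiple input validation errors in its handling of feed: URLs; visiting a malicious feed: URL can lead to execution of arbitrary JavaScript.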

<*Source: Nils
          Billy Rios
  
  Links: http://secunia.com/advisories/35056/
         http://support.apple.com/kb/HT3550
         http://support.apple.com/kb/HT3551
         http://www.debian.org/security/2009/dsa-1950
*>

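Recommendation:
Vendor patches:

Apple
-----
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://www.apple.com/safari/download/

Debian
------
Debian has released a security advisory (DSA-1950-1) and corresponding patches for this issue:
DSA-1950-1: New webkit packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1950

Patch downloads: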

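Patch installation:

1. Installing the patch package manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the patch package automatically with apt-get:

   First, update the internal package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade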
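
For the manual route in step 1, the downloaded file can be checked against the size and MD5 checksum that the Debian advisory publishes for each package before it is handed to dpkg. The following is an added example, not part of the original advisory; the function names verify_pkg and install_verified are hypothetical, and the size and digest arguments are placeholders to be taken from DSA-1950-1.

```shell
#!/bin/sh
# Added example: check a downloaded package against the advisory's
# "Size/MD5 checksum: <bytes> <md5>" pair before installing it.

# verify_pkg FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 on a full match, 1 on a mismatch, 2 on unusable input.
verify_pkg() {
    file=$1 want_size=$2 want_md5=$3

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Normalise the expected digest to lower case and reject malformed input.
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    case $want_md5 in
        *[!0-9a-f]*|'') echo "bad md5 value" >&2; return 2 ;;
    esac
    [ "${#want_md5}" -eq 32 ] || { echo "bad md5 length" >&2; return 2; }

    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)

    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: $have_size != $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "md5 mismatch: $have_md5" >&2
        return 1
    fi
    return 0
}

# install_verified FILE SIZE MD5
# Refuses to pass a file to dpkg unless both values match.
install_verified() {
    verify_pkg "$1" "$2" "$3" && dpkg -i "$1"
}

# Usage (placeholders, values come from the advisory):
#   install_verified ./file.deb <size> <md5>
```

An MD5 match only shows the file is the one the advisory lists; the apt-get route in step 2 relies on apt's signed repository metadata instead.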

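This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.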