=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN484
_____________________________________________________________________

DATE                      : 23/11/2010

HARDWARE PLATFORM(S)      : Apple TV.

OPERATING SYSTEM(S)       : Apple TV versions prior to 4.1.

======================================================================
http://support.apple.com/kb/HT4457
______________________________________________________________________

APPLE-SA-2010-11-22-2 Apple TV 4.1

Apple TV 4.1 is now available and addresses the following:

Apple TV
CVE-ID:  CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808,
CVE-2010-3053, CVE-2010-3054
Available for:  Apple TV 4.0
Impact:  Multiple vulnerabilities in FreeType
Description:  Multiple vulnerabilities exist in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues are addressed by updating
FreeType to version 2.4.2. Further information is available via the
FreeType site at http://www.freetype.org/

Apple TV
CVE-ID:  CVE-2010-2249, CVE-2010-1205
Available for:  Apple TV 4.0
Impact:  Multiple vulnerabilities in libpng
Description:  libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================