
====================================================================

                                CERT-Renater

                    Note d'Information No. 2016/VULN209
_____________________________________________________________________

DATE                : 17/05/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safari versions prior to 9.1.1.

======================================================================
http://lists.apple.com/archives/security-announce/2016/May/msg00005.html
____________________________________________________________________

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact:  A user may be unable to fully delete browsing history
Description:  "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact:  Visiting a malicious website may disclose data from another
website
Description:  An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative

WebKit Canvas
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative

Safari 9.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================