-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3157
                      APPLE-SA-2021-09-20-4 Xcode 13
                             21 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Xcode
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-20372 CVE-2018-16845 CVE-2018-16844
                   CVE-2018-16843 CVE-2017-7529 CVE-2016-0747
                   CVE-2016-0746 CVE-2016-0742 

Reference:         ESB-2021.0845
                   ESB-2020.4433
                   ESB-2020.2285
                   ESB-2020.1701

Original Bulletin: 
   https://support.apple.com/HT212818

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212818.

IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to
version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372

Installation note:

Xcode 13 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 13".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI880ACgkQeC9qKD1p
rhi5rxAAqgkRqhCrjfyYk3/mXQHkhqnIFVq0TH8wZgKheA2SrEeOHJJrtGTJkfeq
u8oIhXNfKdp7Og62PfAkN4NFVvrZHsg2r5b0a6sJzZvHLYkXEw78zVaHEjLI+lyt
+cO2D24ZhPXigJWe+v8eRwhmIajJ75n17adcyHgzMB8Q+bEHlVugK5fETZFXrkFA
PsBDBE5bOJf1fVjr59i+SWV5xG/nKJIl9J0mV/1pQDbPhpWhhMIgTckn1RExH2xZ
NArhNeSYkEQ2xDI8ZLb9v17+VMTeOQj3+1QPhjDzRizepL8sWLRD9Zxd74QohovY
KDOvAgmt3hbD8XF3ZsQKtcJnIIIL+wCC9RWRtLt8V5kkAwdmSLiCbd3kej6CrXSK
333jEmnQIEO3wm7yYTZflOKXyrT74wPxCKtxV/FnWr/rL+gqSJgej0mnxcnuL875
p1nhbXFUOjJJsPhA38BNjFrxRG8ajGguhqVWEbrkoU4X+Zvj6IQpDPMsXvAq6GxW
a/+oWGWtFQQ3MZN5++4QI14TPp8TK/RJQ64eg6hfICQ/OQnhhBHasWwaII7IH4OY
LRVpruY42boHJoqR+mvouByjPQ61ybYdgoasuhnMvp5RhovXyor1tXQ0yqy9yz7a
/YZ2sUStCuSNLK3MXBhGSXwGtLS02yDwBckTl9CmHvDU+T0YHrA=
=4uM6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYUlDaONLKJtyKPYoAQgIjg/+PpLnobFfxB9EdFjo11jP+zzHjnmLcq3p
bbywnodnP8KFGVVnwPVMprCOKbdaCqZbZl4qGJx+t9Y0+OJKGMSVMm6vRUulPx8x
6iSzKyJlLPRq8jfNOGGRdi6DfS4gRB6Um097WJFCdKU9NqqjEf4+aJ6WBvY9qvhl
r0inNGFAbjOtokw01mJqoJ59fhGCJTnQsBbvt8X0XSmQ1cfw5Q/W3rvnSJkbgEQy
7EolcW1T2JioHz0ZdKqk55wX1u9mXwzxLz3VwoLAxuwXqvM8Bp88rPXwuQc1+ijr
LtS2YHmZI6M6JvRr8oNBPC8NFiu9jy+xKombf23OjyCehK67QJEbBrXmbJca9wEy
zqz1Dv1Ly1UznUjqCu+8iCib2Q4ME3xZlHUcJvISIHKErb9Eu//BkAzDhtohpMH9
vpnXneCwftEN1/fAmuDZCj8aATztWvo8woM+cXCp3bKpH2uPLMtNluXfSaaDP9vT
WssNLIe332/BOgkFvx1niQKphk1jycur0Rb8a35t1QwS69YDHCJFPJrapCy/S/+1
AfyBkD1vdrg2qe5WGDh3YVV3Y8cw/q/TPYddk1IODb/yMy0fzcgV8qjlx5H0KFTB
ZoDXWT7HzT96yt59HVsnu4gDiXTm7LHpS5TCdQJZl6o4dF7FeFxaGoEVtnS7tykd
O1fj56z7ndE=
=LcY3
-----END PGP SIGNATURE-----