Mac OS X v10.4.2 is now available and delivers the following security
enhancements:

Dashboard
CVE-ID: CAN-2005-1333
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Users may install widgets that override Apple-supplied
widgets
Description: Dashboard is distributed with Apple-supplied widgets,
and users have the ability to add new ones. It is possible for a
user to install a new widget with the same internal identifier as an
Apple-supplied widget. If this occurs, the newly installed widget
will run in the place of the system widget. It may not be clear to
users that they are running a widget that they installed as opposed
to the Apple-supplied one. This update addresses the problem by
alerting users if they try to install widgets that would cause this
sort of conflict. This issue does not affect previous releases of
Mac OS X.
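
The conflict described above can also be checked for on disk. The following is an added example, not Apple's code: it assumes the "internal identifier" is the CFBundleIdentifier key in each widget bundle's Info.plist, and it takes the Apple-supplied and user widget directories as arguments (assumed to be /Library/Widgets and ~/Library/Widgets on an affected system). The bundles and identifiers in demo() are constructed samples.

```python
import os
import plistlib
import tempfile

ID_KEY = "CFBundleIdentifier"  # assumed to be the "internal identifier"

def widget_ids(widget_dir):
    """Return {identifier: bundle path} for every *.wdgt bundle in widget_dir."""
    found = {}
    if not os.path.isdir(widget_dir):
        return found
    for name in sorted(os.listdir(widget_dir)):
        plist_path = os.path.join(widget_dir, name, "Info.plist")
        if not name.endswith(".wdgt") or not os.path.isfile(plist_path):
            continue
        try:
            with open(plist_path, "rb") as fh:
                info = plistlib.load(fh)
        except Exception:
            continue  # malformed plist: nothing to compare
        if isinstance(info, dict) and isinstance(info.get(ID_KEY), str):
            found.setdefault(info[ID_KEY], os.path.join(widget_dir, name))
    return found

def find_conflicts(system_dir, user_dir):
    """List (identifier, user bundle, system bundle) for colliding identifiers."""
    system = widget_ids(system_dir)
    return [(ident, path, system[ident])
            for ident, path in sorted(widget_ids(user_dir).items())
            if ident in system]

def make_widget(parent, name, ident):
    """Write a constructed sample bundle holding only an Info.plist."""
    bundle = os.path.join(parent, name)
    os.makedirs(bundle)
    with open(os.path.join(bundle, "Info.plist"), "wb") as fh:
        plistlib.dump({ID_KEY: ident}, fh)

def demo():
    """Build constructed sample directories and return the conflicts found."""
    root = tempfile.mkdtemp()
    system_dir, user_dir = os.path.join(root, "system"), os.path.join(root, "user")
    make_widget(system_dir, "Clock.wdgt", "com.example.widget.clock")
    make_widget(system_dir, "Notes.wdgt", "com.example.widget.notes")
    make_widget(user_dir, "FancyClock.wdgt", "com.example.widget.clock")
    make_widget(user_dir, "Weather.wdgt", "org.example.weather")
    return find_conflicts(system_dir, user_dir)

if __name__ == "__main__":
    for ident, user_path, system_path in demo():
        print(f"CONFLICT {ident}: {user_path} shadows {system_path}")
```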

TCP/IP
CVE-ID: CAN-2005-2194
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: A specially crafted TCP/IP packet can cause a denial of
service
Description: A specially crafted TCP/IP packet can cause the
kernel to panic due to a null pointer dereference and require a
reboot. Multiple conditions are required to trigger this problem.
The common practice of filtering source-routed and loose
source-routed packets on network infrastructure, ingress routers and
firewalls can prevent systems from being affected. This issue does
not affect previous releases of Mac OS X. Credit to Julian Y. Koh
and colleagues of Northwestern University for reporting this issue.

Mac OS X v10.4.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.1
The download file is named: "MacOSXUpdate10.4.2.dmg"
Its SHA-1 digest is: 5a11375c29f1f656061189b9467cf9291153de46

For Mac OS X v10.4
The download file is named: "MacOSXUpdateCombo10.4.2.dmg"
Its SHA-1 digest is: 5149def0b79f030bdb2763283c376e4d87d085e9

For Mac OS X Server v10.4.1
The download file is named: "MacOSXServerUpdate10.4.2.dmg"
Its SHA-1 digest is: c8fc07538b1ed558fc1daf221803c47ab6b1b56a

For Mac OS X Server v10.4
The download file is named: "MacOSXSrvrUpdCombo10.4.2.dmg"
Its SHA-1 digest is: 4eaf9dedb18e21ac6282d5af8419a5ca7a562e5e