[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-03-08 AirPort Extreme Update 2007-002

Subject: APPLE-SA-2007-03-08 AirPort Extreme Update 2007-002
From: Apple Product Security <email@hidden>
Date: Thu, 8 Mar 2007 17:11:02 -0800
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-03-08 AirPort Extreme Update 2007-002

AirPort Extreme Update 2007-002 is now available.  It contains the
content of AirPort Extreme Update 2007-001 plus an additional
non-security fix for a compatibility issue when using certain
third-party access points configured to use WEP.  AirPort Extreme
Update 2007-001 contained a fix for the following security issue:

AirPort
CVE-ID:  CVE-2006-6292
Available for:  Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Attackers on the wireless network may cause system
crashes
Description:  An out-of-bounds memory read may occur while
handling wireless frames. An attacker in local proximity may be
able to trigger a system crash by sending a maliciously-crafted
frame to an affected system. This issue affects the Core Duo
version of Mac mini, MacBook, and MacBook Pro computers equipped
with wireless. Other systems, including the Core 2 Duo versions
are not affected. This update addresses the issue by performing
additional validation of wireless frames. Credit to LMH for
reporting this issue.

Systems which installed AirPort Extreme Update 2007-001 are correctly
patched for CVE-2006-6292.  Installing AirPort Extreme Update
2007-002 is recommended to obtain the compatibility fix.  Affected
systems that have not yet applied AirPort Extreme Update 2007-001
should apply AirPort Extreme Update 2007-002.

AirPort Extreme Update 2007-002 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads web
site: http://www.apple.com/support/downloads/

The download file is named:  "AirPortExtremeUpdate2007002.dmg"
Its SHA-1 digest is:  ba20b5807dd99308ca2431c2e9a2b4e1b93bcbd1

Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBRfCzl4mzP5/bU5rtAQibHQgAmPz1cdUTmzyYUlcIEipvyJDoveNBAxet
ku8rgN1kpBA2/YqcQYBZIDqMlr2aW2OBQOP+M6x18MgY0Cfyt9MNKQHph//2WWf8
fEnAdI7J04FsEhz3XnvdaudU9mJQTqTGxbH5ITZ9HaHuwSwNbbfsEdmaPzMEjTuW
gb15us+iDmjTt6G74ZtEbt8lTQe6qaTlncPbGx5vxpCnHSP/T73j7AzOn4Pg0mYl
6qnTXFI/NT2HCnzTdqkthyM40LhDsNoxQufWUi7eqq17kly5/o9owPSI0TTUaOHi
yRNjIct6ztKjMxb5Xywzp5sWh+r0i/xvFKp2223nYAIXjIQJvY6GKA==
=4/xe
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2007-03-05 QuickTime 7.1.5
Next by Date: APPLE-SA-2007-03-13 Mac OS X v10.4.9 and Security Update 2007-003
Previous by thread: APPLE-SA-2007-03-05 QuickTime 7.1.5
Next by thread: APPLE-SA-2007-03-13 Mac OS X v10.4.9 and Security Update 2007-003
Index(es):
- Date
- Thread

Home