|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2006-08-17 Xsan Filesystem 1.4
Xsan Filesystem 1.4 is now available. Along with functionality improvements (see release notes), it also fixes the following security issue:
CVE-ID: CVE-2006-3506 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Malicious users may be able to cause systems using Xsan to crash or execute arbitrary code Description: A buffer overflow may occur in the Xsan Filesystem driver when processing a path name. A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan. This could lead to a system crash or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of path names. Credit to Andrew Wellington of The Australian National University for reporting this issue.
Xsan Filesystem 1.4 may be obtained from: http://www.apple.com/support/downloads/
The download file is named: "XsanFilesystemUpdate1.4.dmg" Its SHA-1 digest is: 504c111b9b8a350363bf1c13910d499faff0b9f8
Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932)
iQEVAwUBROTX74mzP5/bU5rtAQh6ZAgA2HlHIO8dGKi0OGlRACp0umPSBdUR1UZm 2zX19BeSkY3ZKiStkYzZvtm2KCcsu6jhidekfnSIjrBdj39oUXgrL8DIjuI2skWV 3onc0p6VDuEAKAlGWxayi3aOTWGniU9wCvX1Tv0nQPH6oCqMVWQPrKTkZIRo2Yew MiY02WAyyKlnnsar89Fpy6kE4I47U5rA/kWkjGa/exxIEmVohoLdlhR9i35o322Z X7WDjxRPMFSVk1uSjYnoyTBOET5VqL0D/7TMMbpa4lXTDzqyOsvZoXZbU99+ECZQ tomsBdfMnl9ca7ybHjfXHKLNWFucuQkBEr/oLf+xVjfowd88O0dg9w== =P4Ho -----END PGP SIGNATURE-----
_______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
Visit the Apple Store online or at retail locations.
Copyright © 2011 Apple Inc. All rights reserved.