APPLE-SA-2006-08-17 Xsan Filesystem 1.4

• Subject: APPLE-SA-2006-08-17 Xsan Filesystem 1.4
• From: Apple Product Security <email@hidden>
• Date: Thu, 17 Aug 2006 13:59:11 -0700
• Delivered-to: email@hidden
• Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2006-08-17 Xsan Filesystem 1.4

Xsan Filesystem 1.4 is now available.  Along with functionality
improvements (see release notes), it also fixes the following
security issue:

CVE-ID:  CVE-2006-3506
Available for:  Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact:  Malicious users may be able to cause systems using Xsan
to crash or execute arbitrary code
Description:  A buffer overflow may occur in the Xsan Filesystem
driver when processing a path name. A malicious user with write
access to an Xsan volume may be able to trigger the overflow on
systems directly attached to Xsan. This could lead to a system
crash or arbitrary code execution with system privileges. This
update addresses the issue by performing additional validation
of path names. Credit to Andrew Wellington of The Australian
National University for reporting this issue.

Xsan Filesystem 1.4 may be obtained from:
http://www.apple.com/support/downloads/

The download file is named:  "XsanFilesystemUpdate1.4.dmg"
Its SHA-1 digest is:  504c111b9b8a350363bf1c13910d499faff0b9f8

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBROTX74mzP5/bU5rtAQh6ZAgA2HlHIO8dGKi0OGlRACp0umPSBdUR1UZm
2zX19BeSkY3ZKiStkYzZvtm2KCcsu6jhidekfnSIjrBdj39oUXgrL8DIjuI2skWV
3onc0p6VDuEAKAlGWxayi3aOTWGniU9wCvX1Tv0nQPH6oCqMVWQPrKTkZIRo2Yew
MiY02WAyyKlnnsar89Fpy6kE4I47U5rA/kWkjGa/exxIEmVohoLdlhR9i35o322Z
X7WDjxRPMFSVk1uSjYnoyTBOET5VqL0D/7TMMbpa4lXTDzqyOsvZoXZbU99+ECZQ
tomsBdfMnl9ca7ybHjfXHKLNWFucuQkBEr/oLf+xVjfowd88O0dg9w==
=P4Ho
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



Prev by Date:
APPLE-SA-2006-08-09 Security Update 2006-004 for Mac Pro

Previous by thread:
APPLE-SA-2006-08-09 Security Update 2006-004 for Mac Pro

Index(es):

Date
Thread













  

   
Home
   
Archives
   
Terms/Conditions
   
Contact
   
RSS
   
Lists
   
About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.