Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2011-01-06-1 Mac OS X v10.6.6



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-01-06-1 Mac OS X v10.6.6

Mac OS X v10.6.6 is now available and addresses the following:

PackageKit
CVE-ID:  CVE-2010-4013
Available for:  Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact:  A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description:  A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.


Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/


For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9

For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151

For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2

For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c


Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNJeeXAAoJEGnF2JsdZQeeV7UIAJTPFZz+mQMIdlrS7TlRpsdv
Hvz3O/9sj/czbpBs/EcAIk75vRNcGqI/NYCAbf+5VNHt8ALuJkXuRidIjIPvy8sV
Sq7tiNRySzD2kzjCvFXxqcWRewsfD1JWtPoV6HgL6PAHZF7KEQfCH54UI/Ka8h3U
XAoRRXWhKdDuBsO0W2mJFrZEwgihb3aetY1SHYX2yX9K1ccVy29vznAfWTKNeS3w
z4MBJV9OdufqpJEEe6sWC4zpZgiCBkDvNgxYujRoJYPujOajvb94HeBkl3hnSsLV
9X02Y/VQ0VRWPxtCCnIwbvXyv7A5AR/BeDX56fxNIyrJHNE65vIOjM+um5EmVPo=
=eHtZ
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.