APPLE-SA-2013-10-22-5 OS X Server 3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-10-22-5 OS X Server 3.0

OS X Server 3.0 is now available and addresses
the following:

Profile Manager
Available for:  OS X Mavericks v10.9 or later
Impact:  A remote attacker may be able to cause a denial of service
Description:  The JSON Ruby Gem permanently allocated memory when
parsing certain constructs in its input. An attacker could exploit
this to use all available memory leading to a denial of service. This
issue was addressed through additional validation of JSON data.
CVE-ID
CVE-2013-0269

Profile Manager
Available for:  OS X Mountain Lion v10.9 or later
Impact:  Multiple issues in Ruby on Rails
Description:  Multiple issues existed in Ruby on Rails, the most
serious of which may lead to cross site scripting. These issues were
addressed by updating the Rails implementation used by Profile
Manager to version 2.3.18.
CVE-ID
CVE-2013-1854
CVE-2013-1855
CVE-2013-1856
CVE-2013-1857

FreeRADIUS
Available for:  OS X Mavericks v10.9 or later
Impact:  A remote attacker may be able to cause a denial of service
or arbitrary code execution
Description:  A buffer overflow existed in FreeRADIUS when parsing
the 'not after' timestamp in a client certificate, when using TLS-
based EAP methods. This issue was addressed by updating FreeRADIUS to
version 2.2.0.
CVE-ID
CVE-2012-3547

Server App
Available for:  OS X Mavericks v10.9 or later
Impact:  Server may use a fallback certificate during authentication
Description:  A logic issue existed whereby the RADIUS service could
choose an incorrect certificate from the list of configured
certificates. The issue was addressed by using the same certificate
as other services.
CVE-ID
CVE-2013-5143 : Arek Dreyer of Dreyer Network Consultants, Inc.


OS X Server 3.0 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
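
The FreeRADIUS entry above describes a buffer overflow while parsing a certificate's 'not after' timestamp. The following is an added example, not code from Apple or FreeRADIUS: a bounded, validating copy of such a field. The function name copy_cert_time and the sample values are hypothetical; the two accepted lengths are the X.509 UTCTime and GeneralizedTime encodings from RFC 5280.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* X.509 time encodings (RFC 5280): UTCTime "YYMMDDHHMMSSZ" and
 * GeneralizedTime "YYYYMMDDHHMMSSZ". */
#define UTCTIME_LEN 13
#define GENTIME_LEN 15

/* Hypothetical helper: copy a certificate time field of `len` bytes
 * (not NUL-terminated; the length is supplied by the peer's certificate)
 * into `out`. Returns 0 on success, -1 if the field is rejected. */
int copy_cert_time(const unsigned char *data, size_t len,
                   char *out, size_t outlen)
{
    size_t i;

    if (data == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    /* Accept only the two legal sizes instead of trusting the
     * attacker-controlled length as a copy count. */
    if (len != UTCTIME_LEN && len != GENTIME_LEN)
        return -1;
    /* The destination must hold the field plus the terminator. */
    if (len + 1 > outlen)
        return -1;
    /* Content check: all digits followed by a literal 'Z'. */
    for (i = 0; i + 1 < len; i++)
        if (!isdigit(data[i]))
            return -1;
    if (data[len - 1] != 'Z')
        return -1;
    memcpy(out, data, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real certificate. */
    static const unsigned char ok[] = "131022120000Z";
    unsigned char big[200];
    char buf[64];

    memset(big, '9', sizeof big);
    printf("valid field:     %d\n", copy_cert_time(ok, 13, buf, sizeof buf));
    printf("oversized field: %d\n", copy_cert_time(big, sizeof big, buf, sizeof buf));
    return 0;
}
```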
