-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2003-12-19 Security Update 2003-12-19 for Jaguar Security Update 2003-12-19 for Jaguar is available for Mac OS X 10.2.8 and Mac OS X Server 10.2.8. It contains security enhancements for the following: AppleFileServer: Fixes CAN-2003-1007 to improve the handling of malformed requests. cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in the filesystem utility cd9660.util. Credit to KF of Secure Network Operations for reporting this issue. Directory Services: Fixes CAN-2003-1009. The default settings are changed to prevent an inadvertent connection in the event of a malicious DHCP server on the computer's local subnet. Further information is provided in Apple's Knowledge Base article: http://docs.info.apple.com/article.html?artnum=32478 Credit to William A. Carrel for reporting this issue. fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that improve its stability when receiving malformed messages. fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to prevent a local privilege escalation vulnerability. This tool is used to collect system performance information and requires admin privileges to run. Credit to Dave G. of @stake for reporting this issue. rsync: Fixes CAN-2003-0962 by improving the security of the rsync server. System initialization: Fixes CAN-2003-1011. The system initialization process has been improved to restrict root access on a system that uses a USB keyboard. Note: The following fixes which appear in "Security Update 2003-12-19 for Panther" are not included in "Security Update 2003-12-19 for Jaguar" since the Jaguar versions of Mac OS X and Mac OS X Server are not vulnerable to these issues: - CAN-2003-1005: ASN.1 Decoding for PKI - CAN-2003-1008: Screen Saver text clippings ================================================ Security Update 2003-12-19 for Jaguar may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: http://www.info.apple.com/kbnum/n120291 The download file is named: "SecurityUpd2003-12-19Jag.dmg" Its SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896 Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQEVAwUBP+RshHeI0z6bzFr0AQJJhAgAtSkJrSfWVR/AxPsJ1CXOpKNoZuOvdems 6elRfBkuSLK9ETauqKKvJcZa/Wf2D+Mzusz+BYpmDHKAXWIhqcjPjSFJjeHzri8/ /ienm69poqa7Miu+ow6KKsvVsniO8DeAjw7FkFnD8SmvKrkKvbvQVLh0WEHPPB9Y 5lepyEuzsaB8DWOl2DwuDN+0HWgGWrSPSV1hY/VX4HJQPD0ibqqkEcs6tf82kglN E3s/vFWNkDzkCt2awf3l7vtgV4EZV4Xnaylkzq5b0rLSc3q0gXfHjlB1Ujubx06w NrecGLBggzYvl9CPisDADXjt/gJhmi76OktRytg6QRDlEZf/OuPMkA== =kTh7 -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored.