-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Update - April 2002 is now available and includes the following security enhancements for your system: Apache - updated to version 1.3.23 in order to incorporate the mod_ssl security fix Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer overflow vulnerability which could potentially be used to run arbitrary code. groff -- updated to version 1.17.2 to address the vulnerability CVE ID: CAN-2002-0003, where an attacker could gain rights as the 'lp' user remotely. mail_cmds - updated to fix a vulnerability where users could be added to the mail group OpenSSH - updated to version 3.1p1 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an attacker could influence the contents of the memory. PHP - updated to version 4.1.2 to address the vulnerability reported in CERT CA-2002-05, which could allow an intruder to execute arbitrary code with the privileges of the web server. rsync - updated to version 2.5.2 to address a vulnerability which could lead to corruption of the stack and possibly to execution of arbitrary code as the root user, as reported in FreeBSD Security Advisory FreeBSD-SA-02:10 sudo - updated to version 1.6.5p2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local user may obtain superuser privileges. How to obtain the update - ------------------------ Security Update - April 2002 may be obtained either via: - the Software Update pane in System Preferences or - Apple's Software Downloads web page: http://www.info.apple.com/support/downloads.html Security web site - ----------------- Further details are available via the Apple Product Security web site at: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.3 iQA/AwUBPK3TRQ57Cn4JaxpHEQI7+QCfbrNad+DjiQa0CLC1vgF2h7vOsZwAn0ti PYOYzXYHgkV8NUEYIrHnlGbP =sgh+ -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. We've received several request to have the Security Update message re-sent since the PGP signature was bad due to line breaks and the mail system.