Delivered-To: security-announce@lists.apple.com

APPLE-SA-2005-05-19 Mac OS X v10.4.1

Mac OS X v10.4.1 is now available and delivers the following security enhancements:

Bluetooth
Available for: Mac OS X v10.4, Mac OS X Server v10.4
CVE-ID: CAN-2005-1333
Impact: Directory traversal via Bluetooth file and object exchange
Description: Due to insufficient input checking, the Bluetooth file and object exchange services could be used to access files outside of the default file exchange directory. This update addresses the issue by adding enhanced filtering for path-delimiting characters. Credit to kf_lists[at]digitalmunition[dot]com for reporting this issue.

Dashboard
CVE-ID: CAN-2005-1474
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Malicious websites can download and install widgets via Safari without the Safe Download Validation warning
Description: This update blocks the automatic installation of Dashboard widgets. Mac OS X's Safe Download Validation warning is enabled, requiring user approval before a Dashboard widget is installed by Safari. This issue does not affect Mac OS X versions prior to 10.4. Further information on removing Dashboard widgets that you have installed is available from this article:
http://docs.info.apple.com/article.html?artnum=301629

Kernel
CVE-ID: CAN-2005-1472
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Users can discover the names of files placed in normally unsearchable places
Description: Two system calls designed to allow efficient searching of filesystem objects incorrectly checked the permissions on enclosing directories and would reveal the names of files. The incorrect checking only occurred for directories without the POSIX read bit but with the POSIX execute bits set for group and other. In practice this issue only affects files stored in users' ~/Public/Drop Box. This update addresses the issue by correctly honoring the POSIX permission bits on directories. Credit to John M. Glenn of San Francisco for reporting this issue.

Kernel
CVE-ID: CAN-2005-0974
CERT: VU#713614
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Local system users can cause a local denial of service
Description: A vulnerability in the nfs_mount() call due to insufficient checks on input values could allow unprivileged local users to cause a denial of service via a kernel panic.

SecurityAgent
CVE-ID: CAN-2005-1473
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Users with physical access to a system with a locked screensaver can start background applications
Description: A contextual menu feature in Mac OS X 10.4 allows URLs to be opened from a text input field. This could be used to launch an application behind a locked screensaver window. This update addresses the issue by removing the contextual menu from screensaver text input fields.

Mac OS X v10.4.1 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4
The download file is named: "MacOSXUpdate10.4.1.dmg"
Its SHA-1 digest is: 7f4e0af21fff6cb80d271ccd9278637c660b51ad

For Mac OS X Server v10.4
The download file is named: "MacOSXSvrUpdate10.4.1.dmg"
Its SHA-1 digest is: bf311da7dd3cc3f039ed9188412f8eaa994a4650

Information will also be posted to the Apple Product Security web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/
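The Bluetooth entry above was fixed by filtering path-delimiting characters out of client-supplied object names. As an added example (not Apple's code), here is the containment check an object exchange service can apply so that a requested name can never resolve outside the exchange directory; the exchange directory path and the function name are constructed for illustration.

```python
import posixpath
from typing import Optional

# Constructed exchange directory; a real service would take this from its
# configuration rather than a constant.
EXCHANGE_DIR = "/Users/alice/Public"


def resolve_in_exchange_dir(requested: str, base: str = EXCHANGE_DIR) -> Optional[str]:
    """Map a client-supplied object name to a path inside `base`, or None.

    The check rejects a bad name instead of trying to strip '../' out of it:
    a filter is only as good as the list of delimiters it knows about, while
    a containment rule holds for every spelling of a traversal.
    """
    # Names that cannot denote a relative file inside the exchange directory.
    if requested == "" or "\0" in requested or requested.startswith("/"):
        return None
    # Lexically collapse '.', '..' and repeated separators. Because the name
    # is relative, any '..' that survives at the front escapes the base.
    norm = posixpath.normpath(requested)
    if norm in (".", "..") or norm.startswith("../"):
        return None
    candidate = posixpath.normpath(posixpath.join(base, norm))
    # Independent second check: the final path must sit strictly below base.
    # Redundant for relative names today, kept so that a later change to the
    # first check cannot silently reopen the hole.
    if not candidate.startswith(base.rstrip("/") + "/"):
        return None
    # On a live filesystem also resolve symlinks (os.path.realpath) before the
    # containment test, since a link inside base may point outside it.
    return candidate
```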