site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2006-08-17 Xsan Filesystem 1.4 Xsan Filesystem 1.4 is now available. Along with functionality improvements (see release notes), it also fixes the following security issue: CVE-ID: CVE-2006-3506 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Malicious users may be able to cause systems using Xsan to crash or execute arbitrary code Description: A buffer overflow may occur in the Xsan Filesystem driver when processing a path name. A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan. This could lead to a system crash or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of path names. Credit to Andrew Wellington of The Australian National University for reporting this issue. Xsan Filesystem 1.4 may be obtained from: http://www.apple.com/support/downloads/ The download file is named: "XsanFilesystemUpdate1.4.dmg" Its SHA-1 digest is: 504c111b9b8a350363bf1c13910d499faff0b9f8 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBROTX74mzP5/bU5rtAQh6ZAgA2HlHIO8dGKi0OGlRACp0umPSBdUR1UZm 2zX19BeSkY3ZKiStkYzZvtm2KCcsu6jhidekfnSIjrBdj39oUXgrL8DIjuI2skWV 3onc0p6VDuEAKAlGWxayi3aOTWGniU9wCvX1Tv0nQPH6oCqMVWQPrKTkZIRo2Yew MiY02WAyyKlnnsar89Fpy6kE4I47U5rA/kWkjGa/exxIEmVohoLdlhR9i35o322Z X7WDjxRPMFSVk1uSjYnoyTBOET5VqL0D/7TMMbpa4lXTDzqyOsvZoXZbU99+ECZQ tomsBdfMnl9ca7ybHjfXHKLNWFucuQkBEr/oLf+xVjfowd88O0dg9w== =P4Ho -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com