site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-05-01 Security Update 2007-004 v1.1 Security Update 2007-004 v1.1 is now available. It includes the contents of Security Update 2007-004, plus the following fixes: AirPort Available for: Mac OS X v10.3.9 This update corrects an issue where the AirPort connection may be lost after waking from sleep. This issue only affects Mac OS X v10.3.9 (client) with Security Update 2007-004. FTPServer CVE-ID: CVE-2007-0745 Available for: Mac OS X Server v10.4.9 Impact: Users with ftp access may be able to navigate to directories outside the normal scope Description: Security Update 2007-004 applied an incorrect ftp configuration file for Mac OS X Server v10.4.9 systems. Users with ftp access, who would normally be restricted to certain directories, may be able to access directories outside the normal scope. This update addresses the issue by restoring the correct version of the ftp configuration file. This issue only affects Mac OS X Server v10.4.9 with Security Update 2007-004. Note: Mac OS X v10.4.9 (client) and Mac OS X Server v10.3.9 systems that have installed Security Update 2007-004 do not require Security Update 2007-004 v1.1. If the security update has not yet been installed on these systems, then they should be updated using Security Update 2007-004 v1.1. Since Mac OS X v10.4.9 (client) and Mac OS X Server v10.3.9 systems that have already installed Security Update 2007-004 are not affected, the Software Update utility will not display Security Update 2007-004 v1.1 for these systems. Security Update 2007-004 v1.1 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.4.9 (PowerPC) and Mac OS X Server v10.4.9 (PowerPC) The download file is named: "SecUpd2007-004Ti.dmg" Its SHA-1 digest is: 60319316b3eba0de37f7ea747e59decfafe1ea81 For Mac OS X v10.4.9 (Universal) and Mac OS X Server v10.4.9 (Universal) The download file is named: "SecUpd2007-004Univ.dmg" Its SHA-1 digest is: fb6ec6a7d8729bd21d1431192ecb7665e9fd2b80 For Mac OS X v10.3.9 The download file is named: "SecUpd2007-004Pan.dmg" Its SHA-1 digest is: 39b9be13a82ea546f18ff4958cfd69b0d37947e8 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRjd3OImzP5/bU5rtAQiNoQgAuOdAF0Mf1S0TsVH7d4Fg6fgKq34HMQ3w Unmd1dGx1PxXahSRcDoCfhxFlE+Eh5VLgC3lgrWhQ2WW5wXPA8xFbP6YjFelfwOo ZDuykcEtDoTEPPUcrVVfh/cyGoYP7x7uGDzzvjH9qwFie6PtKjKcAf640aFBchfn A7UXkQEGm6mZwvZ14lGbVxWHZ09vjbM5otZv60vy8u6p6l3XjntjSrKSK2d7aWqF gHH/H8bxLbXhNL9kveXBsZTCK3TG3uJFJ90i+v63odTS6THHnl3mjm31Sx5DUF7g im7OTXT94mCfWDVK8YEcNf/NH3GQmVnE7+oXlHbQ+f86PWOgvaEQ9g== =hOXJ -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com