site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-07-12 Darwin Streaming Server 5.5.1 The open source Darwin Streaming Server project has been updated to provide the following security enhancement: Darwin Streaming Server 5.5.1 Available for: Microsoft Windows 2000/2003 Server CVE-ID: CAN-2005-2195 Impact: Remote attackers can hang the Web Admin application in Darwin Streaming Server for Windows 2000/2003 Server Description: Darwin Streaming Server is distributed with a web-based admin application that allows it to be configured through a web browser. Version 5.5 of the Windows 2000/2003 Server distribution of this package is vulnerable to a denial of service attack when handling certain web requests. Version 5.5.1 addresses the problem by adding extra checks before opening files. Other distributions of this package, including Mac OS X and Linux, are not vulnerable to the attack. Credit to Sowhat of ITS Security Team for reporting this issue. Information on Darwin Streaming Server is available at: http://developer.apple.com/darwin/projects/streaming/ This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQtRdzoHaV5ucd/HdAQJyugf+PpXLWzzoaaRsepjk3S9TlLjrRYRW3PyS E0PnAUb69zeIS0DtKFAKMyvu2JHckvQUg0pbSQdCpcNihtrwFjq/DyphWWlOYeZ9 Und1Gw+TTDXNJ7OqEL2URj1lSGG2ZCFmy6SlXdiufERLTBsLQc7whoHM+AcscWCk Hj21ysMkyejkG+mMRN3cHiWngNdNvXigyH0pE8WARYRBxdIB6COo4C14CwO2ukso hOF0DsoLiArMYAFliWdDSwkvMpQggE9olhdLvYlba+gnobhXroT1dU88G/DQ+Hsk KmHgWerTYJ9B2uB3dC290LQUWuiInuAP448aW7odfgYEPkFcJAsccQ== =K8RY -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com