site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-07-12 Mac OS X v10.4.2 Mac OS X v10.4.2 is now available and delivers the following security enhancements: Dashboard CVE-ID: CAN-2005-1333 Available for: Mac OS X v10.4, Mac OS X Server v10.4 Impact: Users may install widgets that override Apple supplied widgets Description: Dashboard is distributed with Apple-supplied widgets, and users have the ability to add new ones. It is possible for a user to install a new widget with the same internal identifier as an Apple-supplied widget. If this occurs, the newly-installed widget will run in the place of the system widget. It may not be clear to users that they are running a widget that they installed as opposed to the Apple-supplied one. This update addresses the problem by alerting users if they try to install widgets that would cause this sort of conflict. This issue does not affect previous releases of Mac OS X. TCP/IP CVE-ID: CAN-2005-2194 Available for: Mac OS X v10.4, Mac OS X Server v10.4 Impact: A specifically crafted TCP/IP packet can cause a denial of service Description: A specifically crafted TCP/IP packet can cause the kernel to panic due to a null pointer dereference and require a reboot. Multiple conditions are required to trigger this problem. The common practice of filtering source-routed and loose source-routed packets on network infrastructure, ingress routers and firewalls can prevent systems from being affected. This issue does not affect previous releases of Mac OS X. Credit to Julian Y. Koh and colleagues of Northwestern University for reporting this issue. Mac OS X v10.4.2 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.4.1 The download file is named: "MacOSXUpdate10.4.2.dmg" Its SHA-1 digest is: 5a11375c29f1f656061189b9467cf9291153de46 For Mac OS X v10.4 The download file is named: "MacOSXUpdateCombo10.4.2.dmg" Its SHA-1 digest is: 5149def0b79f030bdb2763283c376e4d87d085e9 For Mac OS X Server v10.4.1 The download file is named: "MacOSXServerUpdate10.4.2.dmg" Its SHA-1 digest is: c8fc07538b1ed558fc1daf221803c47ab6b1b56a For Mac OS X Server v10.4 The download file is named: "MacOSXSrvrUpdCombo10.4.2.dmg" Its SHA-1 digest is: 4eaf9dedb18e21ac6282d5af8419a5ca7a562e5e Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQtQ1ZYHaV5ucd/HdAQLOfAgAhE0YDld/7Ku/pHkNiHe7WWUJ8L5vdy7m Af17RLbA44s3Ei75OsyobPYadItRCv9DUla6VWMo65r5qCjk0AYL5c3kB+q+nd5O VYONW6tFxwgu18e5ectbzR3yYZKnkyY7OMIt1XAq1u1hdujZ0m2/EoCpRX0cv43C Tqdklhtbt18G8VbuCfP/niB6TtMh5x2yEDoAn3m4P9vh9dR2aNfIZFpsM8MXKiwM IdM4exoPfrJdS78NQMmPHAqtacw/sEGoRB7Won47qVPQNKkRS7dSOc3aYIjOO/os WjVKtRYKidKmFaHRybpuGmMb2WOTvHrjLggCuO90i06OatDKRh17IA== =p0Xk -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com