site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-03-08 AirPort Extreme Update 2007-002 AirPort Extreme Update 2007-002 is now available. It contains the content of AirPort Extreme Update 2007-001 plus an additional non-security fix for a compatibility issue when using certain third-party access points configured to use WEP. AirPort Extreme Update 2007-001 contained a fix for the following security issue: AirPort CVE-ID: CVE-2006-6292 Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8 Impact: Attackers on the wireless network may cause system crashes Description: An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue. Systems which installed AirPort Extreme Update 2007-001 are correctly patched for CVE-2006-6292. Installing AirPort Extreme Update 2007-002 is recommended to obtain the compatibility fix. Affected systems that have not yet applied AirPort Extreme Update 2007-001 should apply AirPort Extreme Update 2007-002. AirPort Extreme Update 2007-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "AirPortExtremeUpdate2007002.dmg" Its SHA-1 digest is: ba20b5807dd99308ca2431c2e9a2b4e1b93bcbd1 Information will also be posted to the Apple Security Updates web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBRfCzl4mzP5/bU5rtAQibHQgAmPz1cdUTmzyYUlcIEipvyJDoveNBAxet ku8rgN1kpBA2/YqcQYBZIDqMlr2aW2OBQOP+M6x18MgY0Cfyt9MNKQHph//2WWf8 fEnAdI7J04FsEhz3XnvdaudU9mJQTqTGxbH5ITZ9HaHuwSwNbbfsEdmaPzMEjTuW gb15us+iDmjTt6G74ZtEbt8lTQe6qaTlncPbGx5vxpCnHSP/T73j7AzOn4Pg0mYl 6qnTXFI/NT2HCnzTdqkthyM40LhDsNoxQufWUi7eqq17kly5/o9owPSI0TTUaOHi yRNjIct6ztKjMxb5Xywzp5sWh+r0i/xvFKp2223nYAIXjIQJvY6GKA== =4/xe -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com