-----BEGIN PGP SIGNED MESSAGE----- CVE IDs: CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, CAN-2002-0029 Further information is available at: http://www.cert.org/advisories/CA-2002-31.html http://www.kb.cert.org/vuls/id/457875 Affected systems: Systems that have enabled BIND and are using BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3. System requirements: Mac OS X 10.2.2 Security Update 2002-11-21 may be obtained from: * Software Update pane in System Preferences (for 10.2.2 or later) * Apple's Software Downloads web site: http://www.info.apple.com/kbnum/n120169 To help verify the integrity of Security Update 2002-11-21 from the Software Downloads web site, the download file is titled: SecurityUpd2002-11-21.dmg Its SHA-1 digest is: 9137fc5c1b8922475939ec93ab638494ff6e69be Information will also be posted to the Apple Support website: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.3 iQEVAwUBPd62ayFlYNdE6F9oAQH3DQf+PJNRB5NlLZim8i7hr0ef/obrjGrQ/PNL mpQ0bdgB7huFpUYw52YJcjIIFeI6XSgyP/QEEFfApy98y5CuEDXnC+raMniokD6D L4A25nhRByyxOC5lziKjQKLDWIEktQGXSHYr9cq7oIuo66gAxdQbZrT/brubu9sI p/4g7sO1CuD5P/31RZUdHizG5lbN8dRGNgeh59FYQhpdYMbflrSolFL0FyxVc6aQ UwYbdnlt+wPiDqqWGL+YKv7GXV/XBk29mty6sLHqExx2bL8CH8ttUpZcFa8H+8VM yBXHJ0pnsCPrX+Q32o93ibm3HASXG+JcOrIC1kzvqlldSUvni1w6Kw== =/AHs -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. Security Update 2002-11-21 is now available. It contains BIND version 8.3.4 to address multiple potential vulnerabilities. Description: Several of these vulnerabilities may allow remote attackers to execute arbitrary code with elevated privileges. The other vulnerabilities could allow remote attackers to disrupt the normal operation of DNS name service running on servers. Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server If BIND is enabled on Mac OS X systems prior to 10.2.2, the recommendation is to either upgrade to Mac OS X 10.2 Jaguar then apply this Security Update, or to update BIND to version 8.3.4 from the ISC site at: http://www.isc.org/products/BIND/bind8.html