site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-01-06-1 Mac OS X v10.6.6 Mac OS X v10.6.6 is now available and addresses the following: PackageKit CVE-ID: CVE-2010-4013 Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5 Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution Description: A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue. Mac OS X Server v10.6.6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6.5 The download file is named: MacOSXUpd10.6.6.dmg Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9 For Mac OS X v10.6 - v10.6.4 The download file is named: MacOSXUpdCombo10.6.6.dmg Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151 For Mac OS X Server v10.6.5 The download file is named: MacOSXServerUpd10.6.6.dmg Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2 For Mac OS X Server v10.6 - v10.6.4 The download file is named: MacOSXServUpdCombo10.6.6.dmg Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNJeeXAAoJEGnF2JsdZQeeV7UIAJTPFZz+mQMIdlrS7TlRpsdv Hvz3O/9sj/czbpBs/EcAIk75vRNcGqI/NYCAbf+5VNHt8ALuJkXuRidIjIPvy8sV Sq7tiNRySzD2kzjCvFXxqcWRewsfD1JWtPoV6HgL6PAHZF7KEQfCH54UI/Ka8h3U XAoRRXWhKdDuBsO0W2mJFrZEwgihb3aetY1SHYX2yX9K1ccVy29vznAfWTKNeS3w z4MBJV9OdufqpJEEe6sWC4zpZgiCBkDvNgxYujRoJYPujOajvb94HeBkl3hnSsLV 9X02Y/VQ0VRWPxtCCnIwbvXyv7A5AR/BeDX56fxNIyrJHNE65vIOjM+um5EmVPo= =eHtZ -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com