-----BEGIN PGP SIGNED MESSAGE----- Security Update 2002-08-23 is now available. This applies the fixes already available in Security Update 2002-08-02 to the Mac OS X 10.2 (Jaguar) release. Security Update 2002-08-02 was designed for the Mac OS X 10.1.5 release. It contains fixes for recent vulnerabilities in: OpenSSL: Fixes security vulnerabilities CAN-2002-0656, CAN-2002-0657, CAN-2002-0655, and CAN-2002-0659. Details are available via: http://www.cert.org/advisories/CA-2002-23.html mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the mod_ssl Apache module. Details are available via: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653 Affected systems: Mac OS X client and Mac OS X Server Note: Mac OS X client is configured by default to have these services turned off, and is only vulnerable if the user has enabled network services which rely on the affected components. It is still recommended for Mac OS X client users to apply this security update to their system. System requirements: Mac OS X 10.2 (Jaguar) Security Update 2002-08-23 may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: http://www.info.apple.com/kbnum/n120142 To help verify the integrity of Security Update 2002-08-23 from the Software Downloads web site: The download file is titled: SecurityUpd2002-08-23.dmg Its SHA-1 digest is: fccb3adb478f90650f4484534a79a80bba5f94f3 Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.3 iQEVAwUBPWad3SFlYNdE6F9oAQHuIQf9GdW2n/r7di2U8c4jQU+3JvRtU+HG7Lsl jlKRVNGyaMvUAurxbYB/yHfHcYDtsj26bupzLUpLXbIt54uZxyXo6UTExzpwreaT r+UJm7+q9kG6lcAmrcz2WNzlnD6icXKKuyf/hR8NUo3yBP7MoR6QGjvFqodvTOHR J2YXH8AEPAmWFf511AzbG1yYvlDhocZ+/gBFTlaB3nYt11Edz2yRE4qeumQYEIyf gLFxzp1BVFNDJck66WjPWgHqDuq9QWPBzHl1qhd09ctD84w+Hda972dqxRn08Jo7 jTGs2zmUpyPxLxCHEd5uzRNuMquIoddW2Nsg8LeJNHqRDlklVSJTUA== =CJ2Y -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR decoder. Details are available via: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823