APPLE-SA-2007-11-15 Mac OS X v10.5.1 Update
Mac OS X v10.5.1 Update is now available and addresses the following issues:

Application Firewall
CVE-ID: CVE-2007-4702
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: The "Block all incoming connections" setting for the firewall is misleading
Description: The "Block all incoming connections" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services. This update addresses the issue by more accurately describing the option as "Allow only essential services", and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services: configd (for DHCP and other network configuration protocols), mDNSResponder (for Bonjour), and racoon (for IPSec). The "Help" content for the Application Firewall is also updated to provide further information. This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID: CVE-2007-4703
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: Processes running as user "root" (UID 0) cannot be blocked when the firewall is set to "Set access for specific services and applications"
Description: The "Set access for specific services and applications" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as "Block incoming connections". This could result in the unexpected exposure of network services. This update corrects the issue so that any executable so marked is blocked. This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID: CVE-2007-4704
Available for: Mac OS X v10.5, Mac OS X Server v10.5
Impact: Changes to Application Firewall settings do not affect processes started by launchd until they are restarted
Description: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access. This update corrects the issue so that changes take effect immediately. This issue does not affect systems prior to Mac OS X v10.5.

Mac OS X v10.5.1 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named: "MacOSXUpd10.5.1.dmg"
Its SHA-1 digest is: fb4ba4e5a0a7db7e04b3c93bb10115017cbea986

For Mac OS X Server v10.5
The download file is named: "MacOSXServerUpd10.5.1.dmg"
Its SHA-1 digest is: 9ccfe856eae029b70b7f465d85041a96738eaeab

Information will also be posted to the Apple Security Updates web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/
Apple Product Security
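
An audit for the exposure described under CVE-2007-4702 and CVE-2007-4703, added here as an example and not part of Apple's advisory: it lists TCP listeners owned by UID 0 that are reachable from the network and fall outside the configd, mDNSResponder and racoon set named above. The function name, the lsof options in the comment and the sample rows are assumptions of this example; the sample is constructed, not captured from a real host.

```shell
#!/bin/sh
# Live use (assumes lsof is installed; -l prints numeric UIDs):
#   lsof -nP -l +c 15 -iTCP | root_listeners_outside_essential

# Services the advisory says remain reachable under
# "Allow only essential services".
ESSENTIAL="configd mDNSResponder racoon"

# Reads lsof output on stdin and prints "command pid address" for every
# TCP listener that is owned by UID 0, is not bound to loopback only,
# and is not one of the essential services.
root_listeners_outside_essential() {
    awk -v allow="$ESSENTIAL" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF != "(LISTEN)"                        { next }  # header, established sockets
        $3 != "0"                                { next }  # not running as root
        $(NF-1) ~ /^(127\.0\.0\.1|\[::1\]):/     { next }  # loopback only
        !($1 in ok)                              { print $1, $2, $(NF-1) }
    '
}

# Constructed sample in "lsof -nP -l" column layout.
sample_lsof() {
    cat <<'EOF'
COMMAND          PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
launchd            1    0   12u  IPv4 0x3a1b2c4      0t0  TCP *:22 (LISTEN)
cupsd            120    0    8u  IPv4 0x3a1b5f0      0t0  TCP 127.0.0.1:631 (LISTEN)
racoon            95    0    7u  IPv4 0x3a1b6a8      0t0  TCP *:500 (LISTEN)
AppleFileServer  150    0   29u  IPv4 0x3a1b7c0      0t0  TCP *:548 (LISTEN)
httpd            201   70    4u  IPv4 0x3a1b8d8      0t0  TCP *:80 (LISTEN)
sshd             310    0    5u  IPv4 0x3a1b9e0      0t0  TCP 192.168.1.5:22->192.168.1.9:51234 (ESTABLISHED)
EOF
}

sample_lsof | root_listeners_outside_essential
```

On a v10.5 system without this update, each line printed is a service that stays reachable regardless of either firewall setting. The check covers TCP only.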