site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-04-19 Security Update 2005-004 Security Update 2005-004 is now available and delivers the following security enhancement: iSync Available for: iSync 1.5 CVE-ID: CAN-2005-0193 Impact: A buffer overflow in iSync could lead to local privilege escalation Description: The iSync helper tool mRouter contains a buffer overflow vulnerability. This could result in the execution of arbitrary commands as root by local system users. Security Update 2005-004 fixes this problem by providing a patched version of mRouter. iSync 1.4 is also affected by this vulnerability, and customers are encouraged to update to the freely available iSync 1.5 version, then apply Security Update 2005-004. Credit to Braden Thomas for reporting this issue. Security Update 2005-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "SecUpd2005-004Pan.dmg" Its SHA-1 digest is: 5ef91d98b43ff8d139b2b18782487fc5d13eb21a Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQmWOkJyw5owIz4TQAQK5yAf+ONkSVIQ+r2h6rCtdQjaRzJq3kBlxyLSK e8SYG+ptqM7u+T5awi1JUnF/yv7Mo1sdr3swcYEagWUmanKAZqeznq1Wzz25y8ci vsVrWcO6Vm2w34eYg3+pjdGekQAL4E7YUtjZHf7S8sTjBwrPPB4tNsyUqv03vN/c EDvPYdn6oBPHaTcvquDXJG/z8poM6jeBrwfMJ5p2lx4nLDKRRSqccSQfp7hMXrMf qX7aFyD5TB+qJaJmv0zo1/cCOgopkhl/N5KOqGyAkyPSFfMqSRhx33UsRtq4JycZ vsdghRIzL6oDbVq+VjFPqUlTOdOgwpLFnYDxHaTs+mvk2GhnmftVlA== =TusL -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com