-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iQA/AwUBPK0bLg57Cn4JaxpHEQKrUQCg34Uz0udzn1nqa/ocHXKOlL3O2EQAoIe8 qo/vqqwQrH3db7pL/xne84ur =wZ3Y -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. Security Update - April 2002 is now available and includes the following security enhancements for your system: Apache - updated to version 1.3.23 in order to incorporate the mod_ssl security fix Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer overflow vulnerability which could potentially be used to run arbitrary code. http://online.securityfocus.com/advisories/3937 groff -- updated to version 1.17.2 to address the vulnerability CVE ID: CAN-2002-0003, where an attacker could gain rights as the 'lp' user remotely. http://online.securityfocus.com/advisories/3859 mail_cmds - updated to fix a vulnerability where users could be added to the mail group OpenSSH - updated to version 3.1p1 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an attacker could influence the contents of the memory. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD- SA-02:13.openssh.asc PHP - updated to version 4.1.2 to address the vulnerability reported in CERT CA-2002-05, which could allow an intruder to execute arbitrary code with the privileges of the web server. http://www.cert.org/advisories/CA-2002-05.html rsync - updated to version 2.5.2 to address a vulnerability which could lead to corruption of the stack and possibly to execution of arbitrary code as the root user, as reported in FreeBSD Security Advisory FreeBSD-SA-02:10 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD- SA-02:10.rsync.asc sudo - updated to version 1.6.5p2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local user may obtain superuser privileges. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD- SA-02:06.sudo.asc How to obtain the update - - ------------------------ Security Update - April 2002 may be obtained via: - the Software Update pane in System Preferences and it will also be posted to: - Apple's Software Downloads web page: http://www.info.apple.com/support/downloads.html This message is signed with Apple's Product Security PGP key, and details are available via: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>