site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001 Mac OS X v10.5.2 and Security Update 2008-001 are now available and address the following issues: Directory Services CVE-ID: CVE-2007-0355 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11 Impact: A local user may be able to execute arbitrary code with system privileges Description: A stack buffer overflow exists in the Service Location Protocol (SLP) daemon, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved bounds checking. This has been described on the Month of Apple Bugs web site (MOAB-17-01-2007). This issue does not affect systems running Mac OS X v10.5 or later. Credit to Kevin Finisterre of Netragard for reporting this issue. Foundation CVE-ID: CVE-2008-0035 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution Description: A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of URLs. This issue does not affect systems prior to Mac OS X v10.5. Launch Services CVE-ID: CVE-2008-0038 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: An application removed from the system may still be launched via the Time Machine backup Description: Launch Services is an API to open applications or their document files or URLs in a way similar to the Finder or the Dock. Users expect that uninstalling an application from their system will prevent it from being launched. However, when an application has been uninstalled from the system, Launch Services may allow it to be launched if it is present in a Time Machine backup. This update addresses the issue by not allowing applications to be launched directly from a Time Machine backup. This issue does not affect systems prior to Mac OS X v10.5. Credit to Steven Fisher of Discovery Software Ltd. and Ian Coutier for reporting this issue. Mail CVE-ID: CVE-2008-0039 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11 Impact: Accessing a URL in a message may lead to arbitrary code execution Description: An implementation issue exists in Mail's handling of file:// URLs, which may allow arbitrary applications to be launched without warning when a user clicks a URL in a message. This update addresses the issue by displaying the location of the file in Finder rather than launching it. This issue does not affect systems running Mac OS X v10.5 or later. NFS CVE-ID: CVE-2008-0040 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: If the system is being used as an NFS client or server, a remote attacker may cause an unexpected system shutdown or arbitrary code execution Description: A memory corruption issue exists in NFS's handling of mbuf chains. If the system is being used as an NFS client or server, a malicious NFS server or client may be able to cause an unexpected system shutdown or arbitrary code execution. This update addresses the issue through improved handling of mbuf chains. This issue does not affect systems prior to Mac OS X v10.5. Credit to Oleg Drokin of Sun Microsystems for reporting this issue. Open Directory Available for: Mac OS X v10.4.11, Mac OS X v10.4.11 Server Impact: NTLM authentication requests may always fail Description: This update addresses a non-security issue introduced in Mac OS X v10.4.11. An race condition in Open Directory's Active Directory plug-in may terminate the operation of winbindd, causing NTLM authentications to fail. This update addresses the issue by correcting the race condition that could terminate winbindd. This issue only affects Mac OS X v10.4.11 systems configured for use with Active Directory. Parental Controls CVE-ID: CVE-2008-0041 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: Requesting to unblock a website leads to information disclosure Description: When set to manage web content, Parental Controls will inadvertently contact www.apple.com when a website is unblocked. This allows a remote user to detect the machines running Parental Controls. This update addresses the issue by removing the outgoing network traffic when a website is unblocked. This issue does not affect systems prior to Mac OS X v10.5. Credit to Jesse Pearson for reporting this issue. Samba CVE-ID: CVE-2007-6015 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A stack buffer overflow may occur in Samba when processing certain NetBIOS Name Service requests. If a system is explicitly configured to allow "domain logons", an unexpected application termination or arbitrary code execution could occur when processing a request. Mac OS X Server systems configured as domain controllers are also affected. This update addresses the issue by applying the Samba patch. Further information is available via the Samba web site at http://www.samba.org/samba/history/security.html Credit to Alin Rad Pop of Secunia Research for reporting this issue. Terminal CVE-ID: CVE-2008-0042 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution Description: An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved validation of URLs. Credit to Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue. X11 CVE-ID: CVE-2007-4568 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: Multiple Vulnerabilities in X11 X Font Server (XFS) 1.0.4 Description: Multiple vulnerabilities exist in X11 X Font Server (XFS), the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating to version 1.0.5. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security X11 CVE-ID: CVE-2008-0037 Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1 Impact: Changing the settings in the Security Preferences Panel has no effect Description: The X11 server is not correctly reading its "Allow connections from network client" preference. This can cause the X11 server to allow connections from network clients, even when the preference is turned off. This update addresses the issue by ensuring that the X11 server correctly reads this preference. This issue does not affect systems prior to Mac OS X v10.5. Mac OS X v10.5.2 and Security Update 2008-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Mac OS X v10.5.2 or Security Update 2008-001. For Mac OS X v10.5 - v10.5.1 The download file is named: "MacOSXUpdCombo10.5.2.dmg" Its SHA-1 digest is: 524e0a707afbdeff798cdd9464d62f672136ab5a For Mac OS X Server v10.5 - v10.5.1 The download file is named: "MacOSXServerUpdCombo10.5.2.dmg" Its SHA-1 digest is: 1a98a5ce84795c1352e04e4ff4ef448b563a35db For Mac OS X v10.4.11 (Universal) The download file is named: "SecUpd2008-001Univ.dmg" Its SHA-1 digest is: f572a0e29df4b44e124a92d5601ba45772818e02 For Mac OS X Server v10.4.11 (PowerPC) The download file is named: "SecUpd2008-001PPC.dmg" Its SHA-1 digest is: bf3ebc69e094000d48d94e997a4d51f25c4824e0 Information will also be posted to the Apple Security Updates web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.0.1012 wsBVAwUBR7DAH8gAoqu4Rp5tAQhpdAgAsY04gUhxrs0GypbuyGnwIjc8lte++kJm sOsdIUuXQz3Jg3CoHl3aVaPhslTcaa3I535W1HAj5XXkJR4OhZD+xQjZCPt+mGHM pLHr+SOT24hShkcFPUsxpdA1qO1zuTntCyQMVeRBPpF0EzmHdf2lkOpKC3Ki55u7 qArgHueo/hE95BVKuzhllcMU6fdZtWSAg01ktcrsYXtHM2kOieUoWbIBRT1OXps2 XPafJ0GqwXSF1CIJOt/fsX1z8TIJtTaAE62ZgmLFI24qqm4hjpROMPz2hN9VUoP5 6Knudzhvg0pQUdlvTOTBHejR2liUCxugybsQwv1WAM3lO5OdAB4k2Q== =/Cut -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com