• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Security Update - April 2002 available
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Update - April 2002 available

  • Subject: Security Update - April 2002 available
  • From: Apple Security <email@hidden>
  • Date: Thu, 4 Apr 2002 19:35:45 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Update - April 2002 is now available and includes the following security enhancements for your system:

Apache - updated to version 1.3.23 in order to incorporate the mod_ssl security fix

Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer overflow vulnerability which could potentially be used to run arbitrary code.
http://online.securityfocus.com/advisories/3937

groff -- updated to version 1.17.2 to address the vulnerability CVE ID: CAN-2002-0003, where an attacker could gain rights as the 'lp' user remotely.
http://online.securityfocus.com/advisories/3859

mail_cmds - updated to fix a vulnerability where users could be added to the mail group

OpenSSH - updated to version 3.1p1 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an attacker could influence the contents of the memory.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-
SA-02:13.openssh.asc

PHP - updated to version 4.1.2 to address the vulnerability reported in CERT CA-2002-05, which could allow an intruder to execute arbitrary code with the privileges of the web server.
http://www.cert.org/advisories/CA-2002-05.html

rsync - updated to version 2.5.2 to address a vulnerability which could lead to corruption of the stack and possibly to execution of arbitrary code as the root user, as reported in FreeBSD Security Advisory FreeBSD-SA-02:10
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-
SA-02:10.rsync.asc

sudo - updated to version 1.6.5p2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local user may obtain superuser privileges.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-
SA-02:06.sudo.asc


How to obtain the update
- - ------------------------
Security Update - April 2002 may be obtained via:
- the Software Update pane in System Preferences
and it will also be posted to:
- Apple's Software Downloads web page: http://www.info.apple.com/support/downloads.html


This message is signed with Apple's Product Security PGP key, and details are available via:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPK0bLg57Cn4JaxpHEQKrUQCg34Uz0udzn1nqa/ocHXKOlL3O2EQAoIe8
qo/vqqwQrH3db7pL/xne84ur
=wZ3Y
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
  • Next by Date: Security Update - April 2002 available (re-send)
  • Next by thread: Security Update - April 2002 available (re-send)
  • Index(es):
    • Date
    • Thread