• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Security Update - April 2002 available (re-send)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Update - April 2002 available (re-send)

  • Subject: Security Update - April 2002 available (re-send)
  • From: Product Security <email@hidden>
  • Date: Fri, 5 Apr 2002 08:43:09 -0800
We've received several request to have the Security Update message re-sent since the PGP signature was bad due to line breaks and the mail system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Update - April 2002 is now available and includes the
following security enhancements for your system:

Apache - updated to version 1.3.23 in order to incorporate the mod_ssl
security fix

Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer
overflow vulnerability which could potentially be used to run
arbitrary code.

groff -- updated to version 1.17.2 to address the vulnerability CVE
ID:  CAN-2002-0003, where an attacker could gain rights as the 'lp'
user remotely.

mail_cmds - updated to fix a vulnerability where users could be added
to the mail group

OpenSSH - updated to version 3.1p1 to address the vulnerability
reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an
attacker could influence the contents of the memory.

PHP - updated to version 4.1.2 to address the vulnerability reported
in CERT CA-2002-05, which could allow an intruder to execute arbitrary
code with the privileges of the web server.

rsync - updated to version 2.5.2 to address a vulnerability which
could lead to corruption of the stack and possibly to execution of
arbitrary code as the root user, as reported in FreeBSD Security
Advisory FreeBSD-SA-02:10

sudo - updated to version 1.6.5p2 to address the vulnerability
reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local
user may obtain superuser privileges.


How to obtain the update
- ------------------------
Security Update - April 2002 may be obtained either via:
  - the Software Update pane in System Preferences
or
  - Apple's Software Downloads web page:
     http://www.info.apple.com/support/downloads.html


Security web site
- -----------------
Further details are available via the Apple Product Security
web site at:
http://www.apple.com/support/security/security_updates.html


This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBPK3TRQ57Cn4JaxpHEQI7+QCfbrNad+DjiQa0CLC1vgF2h7vOsZwAn0ti
PYOYzXYHgkV8NUEYIrHnlGbP
=sgh+
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
  • Prev by Date: Security Update - April 2002 available
  • Next by Date: Mac OS X Update 10.1.4 available
  • Previous by thread: Security Update - April 2002 available
  • Next by thread: Mac OS X Update 10.1.4 available
  • Index(es):
    • Date
    • Thread