APPLE-SA-2002-12-19 Mac OS X 10.2.3
APPLE-SA-2002-12-19 Mac OS X 10.2.3
- Subject: APPLE-SA-2002-12-19 Mac OS X 10.2.3
- From: Apple Product Security <email@hidden>
- Date: Thu, 19 Dec 2002 19:25:54 -0800
-----BEGIN PGP SIGNED MESSAGE-----
APPLE-SA-2002-12-19 Mac OS X 10.2.3
Mac OS X 10.2.3 Software Update is now available. It contains fixes for
the
following potential security issues:
* fetchmail: Fixes CAN-2002-1174 and CAN-2002-1175 which could lead
to a potential denial of service when using the fetchmail command-line
tool.
fetchmail is updated to version 6.1.2+IMAP-GSS+SSL+INET6
* CUPS: Provides fixes for the following potential issues that could be
exploited remotely when Printer Sharing is enabled. Printer Sharing is
not enabled by default on Mac OS X or Mac OS X Server.
CAN-2002-1383: Multiple Integer Overflows
CAN-2002-1366: /etc/cups/certs/ Race Condition
CAN-2002-1367: Adding Printers with UDP Packets
CAN-2002-1368: Negative Length Memcpy() Calls
CAN-2002-1384: Integer Overflows in pdftops Filter and Xpdf
CAN-2002-1369: Unsafe Strncat Function Call in jobs.c
CAN-2002-1370: Root Certificate Design Flaw
CAN-2002-1371: Zero Width Images in filters/image-gif.c
CAN-2002-1372: File Descriptor Resource Leaks
In addition, Mac OS X 10.2.3 provides the following enhanced security
features:
* Random initialization of TCP Timestamp: This enhancement was submitted
by
Aaron Linville through the Darwin open source program. It prevents a
remote entity
from discovering how long a machine has been up based on the ID in the TCP
packets.
* Disk Utility now provides the option to zero data on the disk,
providing an
additional method for securing information.
Mac OS X 10.2.3 Software Update may be obtained from:
* Software Update pane in System Preferences
- OR -
* Apple's Software Downloads web site:
Updating from Mac OS X 10.2:
http://www.info.apple.com/kbnum/n120164
The download file is named: "MacOSXUpdateCombo10.2.3.dmg"
Its SHA-1 digest is: 46df611279b9981425be2cff23c3b3ed868d1809
Updating from Mac OS X 10.2.2:
http://www.info.apple.com/kbnum/n120165
The download file is named: "MacOSXUpdate10.2.3.dmg"
Its SHA-1 digest is: a51ed65311ad59879db7e728779e9cd4084057b5
Information will also be posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQEVAwUBPgKNaiFlYNdE6F9oAQGQ9wf/TWvpmqlOCATC1VAe4hURvK+9sYyQW/el
0w1NK1u36QGUlEEmQmrlSzKDqFl7/RushaK2FTvWmk2WEunmQ0ar3ujVmzWshS+N
fSQ+/ARxf2TOiZQzOt8pqS46wb5ATt7TrQbIKA5ehUtrtzCScgGou/csPlMhQ6Pv
8DWLNJA5RWFexjM0p71XMcbqybyUJvHlgygB7YsLy5gcYFr6Qvi3NyIFXKQMw6Ap
woi5qQNmqlp7hJfCpvFY+tPjJ/0wE/oHk3v/APu6jrw69RH/blzNdlRtsT//gAZF
TfwkOvYIxd4tET0Orp2jhvoIR2s3SNsaTr0iEzohym/e7saW6+m+QQ==
=Yd67
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.