• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2002-12-19 Mac OS X 10.2.3
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2002-12-19 Mac OS X 10.2.3

  • Subject: APPLE-SA-2002-12-19 Mac OS X 10.2.3
  • From: Apple Product Security <email@hidden>
  • Date: Thu, 19 Dec 2002 19:25:54 -0800
-----BEGIN PGP SIGNED MESSAGE-----

APPLE-SA-2002-12-19 Mac OS X 10.2.3

Mac OS X 10.2.3 Software Update is now available. It contains fixes for the
following potential security issues:

* fetchmail: Fixes CAN-2002-1174 and CAN-2002-1175 which could lead
to a potential denial of service when using the fetchmail command-line tool.
fetchmail is updated to version 6.1.2+IMAP-GSS+SSL+INET6

*  CUPS:  Provides fixes for the following potential issues that could be
exploited remotely when Printer Sharing is enabled.  Printer Sharing is
not enabled by default on Mac OS X or Mac OS X Server.
        CAN-2002-1383:  Multiple Integer Overflows
        CAN-2002-1366:  /etc/cups/certs/ Race Condition
        CAN-2002-1367:  Adding Printers with UDP Packets
        CAN-2002-1368:  Negative Length Memcpy() Calls
        CAN-2002-1384:  Integer Overflows in pdftops Filter and Xpdf
        CAN-2002-1369:  Unsafe Strncat Function Call in jobs.c
        CAN-2002-1370:  Root Certificate Design Flaw
        CAN-2002-1371:  Zero Width Images in filters/image-gif.c
        CAN-2002-1372:  File Descriptor Resource Leaks

In addition, Mac OS X 10.2.3 provides the following enhanced security features:

* Random initialization of TCP Timestamp: This enhancement was submitted by
Aaron Linville through the Darwin open source program. It prevents a remote entity
from discovering how long a machine has been up based on the ID in the TCP packets.

* Disk Utility now provides the option to zero data on the disk, providing an
additional method for securing information.

Mac OS X 10.2.3 Software Update may be obtained from:

  * Software Update pane in System Preferences

     - OR -

  * Apple's Software Downloads web site:
      Updating from Mac OS X 10.2:
        http://www.info.apple.com/kbnum/n120164
        The download file is named:  "MacOSXUpdateCombo10.2.3.dmg"
        Its SHA-1 digest is:  46df611279b9981425be2cff23c3b3ed868d1809

      Updating from Mac OS X 10.2.2:
        http://www.info.apple.com/kbnum/n120165
        The download file is named:  "MacOSXUpdate10.2.3.dmg"
        Its SHA-1 digest is:  a51ed65311ad59879db7e728779e9cd4084057b5

Information will also be posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQEVAwUBPgKNaiFlYNdE6F9oAQGQ9wf/TWvpmqlOCATC1VAe4hURvK+9sYyQW/el
0w1NK1u36QGUlEEmQmrlSzKDqFl7/RushaK2FTvWmk2WEunmQ0ar3ujVmzWshS+N
fSQ+/ARxf2TOiZQzOt8pqS46wb5ATt7TrQbIKA5ehUtrtzCScgGou/csPlMhQ6Pv
8DWLNJA5RWFexjM0p71XMcbqybyUJvHlgygB7YsLy5gcYFr6Qvi3NyIFXKQMw6Ap
woi5qQNmqlp7hJfCpvFY+tPjJ/0wE/oHk3v/APu6jrw69RH/blzNdlRtsT//gAZF
TfwkOvYIxd4tET0Orp2jhvoIR2s3SNsaTr0iEzohym/e7saW6+m+QQ==
=Yd67
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
  • Index(es):
    • Date
    • Thread