APPLE-SA-2003-12-19 Security Update for Panther
APPLE-SA-2003-12-19 Security Update for Panther
- Subject: APPLE-SA-2003-12-19 Security Update for Panther
- From: Apple Product Security <email@hidden>
- Date: Sat, 20 Dec 2003 07:50:25 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-12-19 Security Update 2003-12-19 for Panther
Security Update 2003-12-19 for Panther is available for
Mac OS X 10.3.2 and Mac OS X Server 10.3.2.
It contains security enhancements for the following:
AppleFileServer: Fixes CAN-2003-1007 to improve the handling of
malformed requests.
ASN.1 Decoding for PKI: Fixes CAN-2003-1005 which could cause a
potential denial of service when receiving malformed ASN.1
sequences. This is related but separate from CAN-2003-0851.
cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in
the filesystem utility cd9660.util.
Credit to KF of Secure Network Operations for reporting this issue.
Directory Services: Fixes CAN-2003-1009. The default settings are
changed to prevent an inadvertent connection in the event of a
malicious DHCP server on the computer's local subnet. Further
information is provided in Apple's Knowledge Base article:
http://docs.info.apple.com/article.html?artnum=32478
Credit to William A. Carrel for reporting this issue.
fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that
improve its stability when receiving malformed messages.
fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to
prevent a local privilege escalation vulnerability. This tool is
used to collect system performance information and requires admin
privileges to run.
Credit to Dave G. of @stake for reporting this issue.
rsync: Fixes CAN-2003-0962 by improving the security of the rsync
server.
Screen Saver: Fixes CAN-2003-1008. When the Screen Saver login
window is present, it is no longer possible to write a text
clipping to the desktop or an application.
Credit to Benjamin Kelly for reporting this issue.
System initialization: Fixes CAN-2003-1011. The system initialization
process has been improved to restrict root access on a system that
uses a USB keyboard.
================================================
Security Update 2003-12-19 for Panther may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP+Rsp3eI0z6bzFr0AQI/MwgAqqUXmeRPg2xLQlbGiK15uDhgrcOuE27V
5fi8IvkiAWMN/qjJofG3y+crtmZwTea0Z8qvcw8EcbMRtuhqzyCu43HFTE8wFJ4w
FqmwihZQANu8IHye9tgl36CiPJvY3bYWPxd3GobAQKZp81/OIhY3H2aB79Oa3N3o
6lBPHInyLmRswlOa9s7v6wSJAK/9MXa7dwSLtaaFsVg7R8kfe4atZ0tAlc8rHAnS
k0sZq1z6hPeiXHRxFIeozwTr6P5QLZB/3YuRYLtgYudojOauV1/X4/ltsOb5Kdk/
HUdrNSZfoECPI78BecWblnsGG91Tgd20GIcTke06o0zWvZa2vXWJDg==
=3ZBF
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.