APPLE-SA-2003-12-19 Security Update for Jaguar
- Subject: APPLE-SA-2003-12-19 Security Update for Jaguar
- From: Apple Product Security <email@hidden>
- Date: Sat, 20 Dec 2003 07:52:58 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-12-19 Security Update 2003-12-19 for Jaguar

Security Update 2003-12-19 for Jaguar is available for Mac OS X 10.2.8
and Mac OS X Server 10.2.8.

It contains security enhancements for the following:

AppleFileServer: Fixes CAN-2003-1007 to improve the handling of
malformed requests.

cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in
the filesystem utility cd9660.util.
Credit to KF of Secure Network Operations for reporting this issue.

Directory Services: Fixes CAN-2003-1009. The default settings are
changed to prevent an inadvertent connection in the event of a
malicious DHCP server on the computer's local subnet. Further
information is provided in Apple's Knowledge Base article:
http://docs.info.apple.com/article.html?artnum=32478
Credit to William A. Carrel for reporting this issue.

fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that
improve its stability when receiving malformed messages.

fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to
prevent a local privilege escalation vulnerability. This tool is
used to collect system performance information and requires admin
privileges to run.
Credit to Dave G. of @stake for reporting this issue.

rsync: Fixes CAN-2003-0962 by improving the security of the rsync
server.

System initialization: Fixes CAN-2003-1011. The system initialization
process has been improved to restrict root access on a system that
uses a USB keyboard.

Note: The following fixes which appear in "Security Update 2003-12-19
for Panther" are not included in "Security Update 2003-12-19 for
Jaguar" since the Jaguar versions of Mac OS X and Mac OS X Server
are not vulnerable to these issues:

- CAN-2003-1005: ASN.1 Decoding for PKI
- CAN-2003-1008: Screen Saver text clippings

================================================

Security Update 2003-12-19 for Jaguar may be obtained from:

* Software Update pane in System Preferences
* Apple's Software Downloads web site:
  http://www.info.apple.com/kbnum/n120291

The download file is named: "SecurityUpd2003-12-19Jag.dmg"
Its SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896

Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
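
Added example, not part of Apple's advisory: a Python check that reads the download file name and SHA-1 digest from the advisory text above and compares a downloaded file against that digest. The function names are this example's own, and it assumes the advisory copy was itself authenticated (for instance by checking its PGP signature), since the digest is only as trustworthy as the message that carries it.

```python
import hashlib
import hmac
import re

# The two lines exactly as they appear in the advisory text above.
ADVISORY_EXCERPT = '''\
The download file is named: "SecurityUpd2003-12-19Jag.dmg"
Its SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896
'''

# File name must not contain path separators; digest must be exactly 40 hex chars.
NAME_RE = re.compile(r'download file is named:\s*"([^"/\\]+)"')
DIGEST_RE = re.compile(r'SHA-1 digest is:\s*([0-9a-fA-F]{40})\b')


def parse_advisory(text):
    """Return (filename, sha1_hex) as published in the advisory text."""
    name = NAME_RE.search(text)
    digest = DIGEST_RE.search(text)
    if not name or not digest:
        raise ValueError("advisory does not state a file name and SHA-1 digest")
    return name.group(1), digest.group(1).lower()


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large disk image is never held in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, advisory_text):
    """True only if the file's SHA-1 equals the digest stated in the advisory."""
    _, expected = parse_advisory(advisory_text)
    return hmac.compare_digest(sha1_of_file(path), expected)


if __name__ == "__main__":
    import sys
    name, digest = parse_advisory(ADVISORY_EXCERPT)
    path = sys.argv[1] if len(sys.argv) > 1 else name
    try:
        ok = verify_download(path, ADVISORY_EXCERPT)
    except OSError as exc:
        sys.exit(f"cannot read {path}: {exc}")
    print(f"{path}: {'digest matches' if ok else 'DIGEST MISMATCH'} ({digest})")
    sys.exit(0 if ok else 1)
```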