APPLE-SA-2003-11-19 Security Update 2003-11-19
APPLE-SA-2003-11-19 Security Update 2003-11-19
- Subject: APPLE-SA-2003-11-19 Security Update 2003-11-19
- From: Product Security <email@hidden>
- Date: Wed, 19 Nov 2003 17:40:26 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-11-19 Security Update 2003-11-19
Security Update 2003-11-19 is now available for Mac OS X 10.2.8 and
Mac OS X 10.3.
It is Apple's policy to quickly address significant vulnerabilities in
past releases of Mac OS X wherever feasible. Security Update
2003-11-19 includes updates to several components of Mac OS X v10.2
"Jaguar" that meet this criteria.
Updates for Mac OS X v10.2.8 "Jaguar" and Mac OS X Server v10.2.8
=================================================================
gm4: Fixes CAN-2001-1411 a format string vulnerability in the gm4
utility. No setuid root programs relied on gm4 and this fix is a
preventive measure against a possible future exploit.
groff: Fixes VU#399883 where the groff component pic contained a
format-string vulnerability.
Mail: Fixes CAN-2003-0881 the Mac OS X Mail application will no longer
fall back to plain text login when an account is configured to use MD5
Challenge Response.
OpenSSL: Fixes CAN-2003-0851 parsing particular malformed ASN.1
sequences are now handled in a more secure manner.
Personal File Sharing: Fixes CAN-2003-0878 when Personal File Sharing
is enabled, the slpd daemon can no longer create a root-owned file in
the /tmp directory to gain elevated privileges.
QuickTime for Java: Fixes CAN-2003-0871 a potential vulnerability that
could allow unauthorized access to a system.
zlib: Addresses CAN-2003-0107. While there were no functions in Mac
OS X that used the vulnerable gzprintf() function, the underlying
issue in zlib has been fixed to protect any third-party applications
that may potentially use this library.
Updates for Mac OS X v10.3.1 "Panther" and Mac OS X Server v10.3.1
==================================================================
OpenSSL: Fixes CAN-2003-0851 parsing particular malformed ASN.1
sequences are now handled in a more secure manner.
zlib: Addresses CAN-2003-0107. While there were no functions in Mac
OS X that used the vulnerable gzprintf() function, the underlying
issue in zlib has been fixed to protect any third-party applications
that may potentially use this library.
================================================
Security Update 2003-11-19 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
Security update 2003-11-19 for Jaguar 10.2.8
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecurityUpd2003-11-19Jag.dmg"
Its SHA-1 digest is: bf6dfd69f084d1ffc0a0db9eff5252fb3213178b
Security Update 2003-11-19 for Panther 10.3.1
http://www.info.apple.com/kbnum/n120278
The download file is named: "SecurityUpd2003-11-19.dmg"
Its SHA-1 digest is: 0cfb4c9048859a2e8a60424400e081da5ff84b80
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP7wbJ3eI0z6bzFr0AQLqBgf/VosadrRIxai1AJe4th5MfYPOSxz5aJBM
aMcuIdXhGLK01/Zynr//DSNSwJ1gPZefMQtFrvaF5BJvUS8hmWOu9PyCZbEo8hiX
YJc14ON7/edXEA0JDB9BuB6Hbaflh+DgW2FIp8pjDScvudtFheMWFPQDMhBR3Az3
B6y6lIe9olZ+wUsML9ireLzKfhBFZGF7c/kYIoSS4X5WlmQ19F30RdBbJI/b8Sn2
nIBgBM9YtgkuMVSoqhPgBPIrQLQ0Qa8NVPY9NpBjFHnDgpUjiqCtYYL97TATOiMi
khl84JnBdIOk8j/S8z1zTSPwMG1v7LJPxdzhMRC3UhdiKOHDPTrofg==
=DdeD
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.