• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2005-04-19 Security Update 2005-004
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2005-04-19 Security Update 2005-004


  • Subject: APPLE-SA-2005-04-19 Security Update 2005-004
  • From: Apple Product Security <email@hidden>
  • Date: Tue, 19 Apr 2005 16:08:40 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-04-19 Security Update 2005-004

Security Update 2005-004 is now available and delivers the following
security enhancement:

iSync
Available for:  iSync 1.5
CVE-ID:  CAN-2005-0193
Impact:  A buffer overflow in iSync could lead to local privilege
escalation
Description:  The iSync helper tool mRouter contains a buffer
overflow vulnerability. This could result in the execution of
arbitrary commands as root by local system users.  Security Update
2005-004 fixes this problem by providing a patched version of
mRouter.  iSync 1.4 is also affected by this vulnerability, and
customers are encouraged to update to the freely available iSync 1.5
version, then apply Security Update 2005-004.  Credit to Braden
Thomas for reporting this issue.

Security Update 2005-004 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named:  "SecUpd2005-004Pan.dmg"
Its SHA-1 digest is:  5ef91d98b43ff8d139b2b18782487fc5d13eb21a

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQmWOkJyw5owIz4TQAQK5yAf+ONkSVIQ+r2h6rCtdQjaRzJq3kBlxyLSK
e8SYG+ptqM7u+T5awi1JUnF/yv7Mo1sdr3swcYEagWUmanKAZqeznq1Wzz25y8ci
vsVrWcO6Vm2w34eYg3+pjdGekQAL4E7YUtjZHf7S8sTjBwrPPB4tNsyUqv03vN/c
EDvPYdn6oBPHaTcvquDXJG/z8poM6jeBrwfMJ5p2lx4nLDKRRSqccSQfp7hMXrMf
qX7aFyD5TB+qJaJmv0zo1/cCOgopkhl/N5KOqGyAkyPSFfMqSRhx33UsRtq4JycZ
vsdghRIzL6oDbVq+VjFPqUlTOdOgwpLFnYDxHaTs+mvk2GhnmftVlA==
=TusL
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Prev by Date: APPLE-SA-2005-04-15 Mac OS X v10.3.9
  • Previous by thread: APPLE-SA-2005-04-15 Mac OS X v10.3.9
  • Index(es):
    • Date
    • Thread