APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
- Subject: APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
- From: Apple Product Security <email@hidden>
- Date: Thu, 6 Jan 2011 08:27:15 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-01-06-1 Mac OS X v10.6.6
Mac OS X v10.6.6 is now available and addresses the following:
PackageKit
CVE-ID: CVE-2010-4013
Available for: Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact: A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description: A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.
Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9
For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151
For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2
For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJNJeeXAAoJEGnF2JsdZQeeV7UIAJTPFZz+mQMIdlrS7TlRpsdv
Hvz3O/9sj/czbpBs/EcAIk75vRNcGqI/NYCAbf+5VNHt8ALuJkXuRidIjIPvy8sV
Sq7tiNRySzD2kzjCvFXxqcWRewsfD1JWtPoV6HgL6PAHZF7KEQfCH54UI/Ka8h3U
XAoRRXWhKdDuBsO0W2mJFrZEwgihb3aetY1SHYX2yX9K1ccVy29vznAfWTKNeS3w
z4MBJV9OdufqpJEEe6sWC4zpZgiCBkDvNgxYujRoJYPujOajvb94HeBkl3hnSsLV
9X02Y/VQ0VRWPxtCCnIwbvXyv7A5AR/BeDX56fxNIyrJHNE65vIOjM+um5EmVPo=
=eHtZ
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden