APPLE-SA-2013-10-22-5 OS X Server 3.0
- Subject: APPLE-SA-2013-10-22-5 OS X Server 3.0
- From: Apple Product Security <email@hidden>
- Date: Tue, 22 Oct 2013 15:17:02 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-10-22-5 OS X Server 3.0

OS X Server 3.0 is now available and addresses
the following:

Profile Manager
Available for: OS X Mavericks v10.9 or later
Impact: A remote attacker may be able to cause a denial of service
Description: The JSON Ruby Gem permanently allocated memory when
parsing certain constructs in its input. An attacker could exploit
this to use all available memory leading to a denial of service. This
issue was addressed through additional validation of JSON data.
CVE-ID
CVE-2013-0269

Profile Manager
Available for: OS X Mountain Lion v10.9 or later
Impact: Multiple issues in Ruby on Rails
Description: Multiple issues existed in Ruby on Rails, the most
serious of which may lead to cross site scripting. These issues were
addressed by updating the Rails implementation used by Profile
Manager to version 2.3.18.
CVE-ID
CVE-2013-1854
CVE-2013-1855
CVE-2013-1856
CVE-2013-1857

FreeRADIUS
Available for: OS X Mavericks v10.9 or later
Impact: A remote attacker may be able to cause a denial of service
or arbitrary code execution
Description: A buffer overflow existed in FreeRADIUS when parsing
the 'not after' timestamp in a client certificate, when using TLS-
based EAP methods. This issue was addressed by updating FreeRADIUS to
version 2.2.0.
CVE-ID
CVE-2012-3547

Server App
Available for: OS X Mavericks v10.9 or later
Impact: Server may use a fallback certificate during authentication
Description: A logic issue existed whereby the RADIUS service could
choose an incorrect certificate from the list of configured
certificates. The issue was addressed by using the same certificate
as other services.
CVE-ID
CVE-2013-5143 : Arek Dreyer of Dreyer Network Consultants, Inc.

OS X Server 3.0 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
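
The FreeRADIUS entry above (CVE-2012-3547) describes an overflow while parsing the 'not after' timestamp of a client certificate. The following C function is an added illustration of the defensive pattern for that kind of field, not code from FreeRADIUS or from Apple's advisory: it validates the untrusted length and format before copying into a fixed buffer. The names parse_not_after and TS_MAX are hypothetical, and it assumes the field arrives as raw bytes in one of the two X.509 time forms, YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TS_MAX 15  /* longest accepted form: YYYYMMDDHHMMSSZ */

/*
 * Copy a certificate validity timestamp into a fixed-size buffer.
 * data/len stand for the raw bytes of the 'not after' field taken from
 * an untrusted client certificate (hypothetical interface).
 * Returns 0 on success, -1 if the field is rejected.
 */
int parse_not_after(const unsigned char *data, size_t len, char out[TS_MAX + 1])
{
    size_t i;

    /* Accept only the two permitted encodings: UTCTime (13 bytes) and
     * GeneralizedTime (15 bytes). The attacker-controlled length is
     * checked against the destination size before any copy happens. */
    if (data == NULL || (len != 13 && len != TS_MAX))
        return -1;

    /* Every character but the last must be a digit; the last must be 'Z'. */
    for (i = 0; i + 1 < len; i++)
        if (!isdigit(data[i]))
            return -1;
    if (data[len - 1] != 'Z')
        return -1;

    memcpy(out, data, len);   /* len <= TS_MAX, so this cannot overrun */
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real certificate. */
    const unsigned char ok[] = "231022151702Z";
    unsigned char huge[200];
    char ts[TS_MAX + 1];

    memset(huge, '9', sizeof huge);
    printf("valid:     %d\n", parse_not_after(ok, 13, ts));
    printf("oversized: %d\n", parse_not_after(huge, sizeof huge, ts));
    return 0;
}
```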