• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2015-04-24-1 OS X Server v4.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2015-04-24-1 OS X Server v4.1


  • Subject: APPLE-SA-2015-04-24-1 OS X Server v4.1
  • From: Apple Product Security <email@hidden>
  • Date: Fri, 24 Apr 2015 17:12:33 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2015-04-24-1 OS X Server v4.1

OS X Server v4.1 is now available and addresses the following:

Dovecot
Available for:  OS X Yosemite v10.10 or later
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Dovecot.
CVE-ID
CVE-2014-3566

Firewall
Available for:  OS X Yosemite v10.10 or later
Impact:  Custom firewall rules may not be enforced
Description:  An incorrect path was referenced in the firewall
configuration files. This issue was addressed by correcting the path
to point to the correct configuration file.
CVE-ID
CVE-2015-1150 : Phil Schumm of the Research Computing Group,
University of Chicago

Postfix
Available for:  OS X Yosemite v10.10 or later
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Postfix.
CVE-ID
CVE-2014-3566

Wiki Server
Available for:  OS X Yosemite v10.10 or later
Impact:  Access controls may not be enforced on mobile devices
Description:  Access controls for the Activity and People wiki pages
were not enforced on iPad clients. This issue was addressed by
improving access control verification.
CVE-ID
CVE-2015-1151


OS X Server v4.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJVOto4AAoJEBcWfLTuOo7tQgAP/j+6Sm5O9t4BMxCcn0Tg69Sp
e5IkAioYRWkikHuhPgLXgn9vtwNprKYCqbhxseDAHSxqOFfcSlxf59ncc/Ge8fIS
rRCGENY9PDBcfZbeufi6mNfhmPdQ8u+9oc1mgY9kNHrny96TuNzJlrro3qii20S4
Kp/dJjFAD3mYqM+4LeUsk/+zlGC5F13DlRrp7EQBc26MvyEtJfyYiytjK/P3vfmN
bgA7n4RypERmogswT8yZwpEBqTn12tNYgwQMHhvleS1w4//TFnmgmPUlEP9OjVl4
5LpxleIhGa5ed/iWEU1vLSJ+hORgZZt0z9Gu51mud5QRMFy2ElySOb+d+QSSrAC6
QVvd5gFHWfQNh7r+GK31ACNLOCxzJ/sAcD7CYWKAm8XrKB+cL4/JUVeeK6ytF2p9
cKyqn1JraGKNJKyJ1QfCQApeaZTzPiOW8LrtIpQTJhuRu0HP0OqdZTBdIEmknGPh
xBjx46FrfxoUl6xKCuk59ciwWcHPOgySyWcUaufkIUv9X73/nMz45FXakaHUSvHz
cvdHVxJ1hHsCFPn113uXpBBMc46Fj+8a2A/Po6Hkn6a/2kYA6EPLqf9+Zpxjfm1o
ImXeYwQuqE4ZxCNV4Ld0/aw8abHk2UbKEpb4Ksbir0pBOc17QhV0PMmSve7qwlbv
BGtRTntDKK+qhJ/s12j2
=mqvD
-----END PGP SIGNATURE-----


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


  • Prev by Date: APPLE-SA-2015-04-21-1 OS X: Flash Player plug-in blocked
  • Previous by thread: APPLE-SA-2015-04-21-1 OS X: Flash Player plug-in blocked
  • Index(es):
    • Date
    • Thread