APPLE-SA-2015-04-24-1 OS X Server v4.1
APPLE-SA-2015-04-24-1 OS X Server v4.1
- Subject: APPLE-SA-2015-04-24-1 OS X Server v4.1
- From: Apple Product Security <email@hidden>
- Date: Fri, 24 Apr 2015 17:12:33 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-04-24-1 OS X Server v4.1
OS X Server v4.1 is now available and addresses the following:
Dovecot
Available for: OS X Yosemite v10.10 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Dovecot.
CVE-ID
CVE-2014-3566
Firewall
Available for: OS X Yosemite v10.10 or later
Impact: Custom firewall rules may not be enforced
Description: An incorrect path was referenced in the firewall
configuration files. This issue was addressed by correcting the path
to point to the correct configuration file.
CVE-ID
CVE-2015-1150 : Phil Schumm of the Research Computing Group,
University of Chicago
Postfix
Available for: OS X Yosemite v10.10 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Postfix.
CVE-ID
CVE-2014-3566
Wiki Server
Available for: OS X Yosemite v10.10 or later
Impact: Access controls may not be enforced on mobile devices
Description: Access controls for the Activity and People wiki pages
were not enforced on iPad clients. This issue was addressed by
improving access control verification.
CVE-ID
CVE-2015-1151
OS X Server v4.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJVOto4AAoJEBcWfLTuOo7tQgAP/j+6Sm5O9t4BMxCcn0Tg69Sp
e5IkAioYRWkikHuhPgLXgn9vtwNprKYCqbhxseDAHSxqOFfcSlxf59ncc/Ge8fIS
rRCGENY9PDBcfZbeufi6mNfhmPdQ8u+9oc1mgY9kNHrny96TuNzJlrro3qii20S4
Kp/dJjFAD3mYqM+4LeUsk/+zlGC5F13DlRrp7EQBc26MvyEtJfyYiytjK/P3vfmN
bgA7n4RypERmogswT8yZwpEBqTn12tNYgwQMHhvleS1w4//TFnmgmPUlEP9OjVl4
5LpxleIhGa5ed/iWEU1vLSJ+hORgZZt0z9Gu51mud5QRMFy2ElySOb+d+QSSrAC6
QVvd5gFHWfQNh7r+GK31ACNLOCxzJ/sAcD7CYWKAm8XrKB+cL4/JUVeeK6ytF2p9
cKyqn1JraGKNJKyJ1QfCQApeaZTzPiOW8LrtIpQTJhuRu0HP0OqdZTBdIEmknGPh
xBjx46FrfxoUl6xKCuk59ciwWcHPOgySyWcUaufkIUv9X73/nMz45FXakaHUSvHz
cvdHVxJ1hHsCFPn113uXpBBMc46Fj+8a2A/Po6Hkn6a/2kYA6EPLqf9+Zpxjfm1o
ImXeYwQuqE4ZxCNV4Ld0/aw8abHk2UbKEpb4Ksbir0pBOc17QhV0PMmSve7qwlbv
BGtRTntDKK+qhJ/s12j2
=mqvD
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden