Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2015-04-24-1 OS X Server v4.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2015-04-24-1 OS X Server v4.1



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2015-04-24-1 OS X Server v4.1

OS X Server v4.1 is now available and addresses the following:

Dovecot
Available for:  OS X Yosemite v10.10 or later
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Dovecot.
CVE-ID
CVE-2014-3566

Firewall
Available for:  OS X Yosemite v10.10 or later
Impact:  Custom firewall rules may not be enforced
Description:  An incorrect path was referenced in the firewall
configuration files. This issue was addressed by correcting the path
to point to the correct configuration file.
CVE-ID
CVE-2015-1150 : Phil Schumm of the Research Computing Group,
University of Chicago

Postfix
Available for:  OS X Yosemite v10.10 or later
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Postfix.
CVE-ID
CVE-2014-3566

Wiki Server
Available for:  OS X Yosemite v10.10 or later
Impact:  Access controls may not be enforced on mobile devices
Description:  Access controls for the Activity and People wiki pages
were not enforced on iPad clients. This issue was addressed by
improving access control verification.
CVE-ID
CVE-2015-1151


OS X Server v4.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJVOto4AAoJEBcWfLTuOo7tQgAP/j+6Sm5O9t4BMxCcn0Tg69Sp
e5IkAioYRWkikHuhPgLXgn9vtwNprKYCqbhxseDAHSxqOFfcSlxf59ncc/Ge8fIS
rRCGENY9PDBcfZbeufi6mNfhmPdQ8u+9oc1mgY9kNHrny96TuNzJlrro3qii20S4
Kp/dJjFAD3mYqM+4LeUsk/+zlGC5F13DlRrp7EQBc26MvyEtJfyYiytjK/P3vfmN
bgA7n4RypERmogswT8yZwpEBqTn12tNYgwQMHhvleS1w4//TFnmgmPUlEP9OjVl4
5LpxleIhGa5ed/iWEU1vLSJ+hORgZZt0z9Gu51mud5QRMFy2ElySOb+d+QSSrAC6
QVvd5gFHWfQNh7r+GK31ACNLOCxzJ/sAcD7CYWKAm8XrKB+cL4/JUVeeK6ytF2p9
cKyqn1JraGKNJKyJ1QfCQApeaZTzPiOW8LrtIpQTJhuRu0HP0OqdZTBdIEmknGPh
xBjx46FrfxoUl6xKCuk59ciwWcHPOgySyWcUaufkIUv9X73/nMz45FXakaHUSvHz
cvdHVxJ1hHsCFPn113uXpBBMc46Fj+8a2A/Po6Hkn6a/2kYA6EPLqf9+Zpxjfm1o
ImXeYwQuqE4ZxCNV4Ld0/aw8abHk2UbKEpb4Ksbir0pBOc17QhV0PMmSve7qwlbv
BGtRTntDKK+qhJ/s12j2
=mqvD
-----END PGP SIGNATURE-----


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden




Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.