libc
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11. The update addresses a vulnerability in CVE-2008-0988. A remote attacker may be able to cause a certificate to appear trusted. According to Apple: "An off by one issue exists in Libsystem's strnstr(3) implementation. Applications that use the strnstr API can read one byte beyond the limit specified by the user, which may lead to an unexpected application termination. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X v10.5 or later." Apple credits Mike Ash of Rogue Amoeba Software for reporting this vulnerability.
mDNSResponder
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0989. Apple says "a format string issue exists in mDNSResponderHelper. By setting the local hostname to a maliciously crafted string, a local user could cause a denial of service or arbitrary code execution with the privileges of mDNSResponderHelper. This update addresses the issue by using a static format string. This issue does not affect systems prior to Mac OS X v10.5".
notifyd
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11 and addresses a vulnerability in CVE-2008-0990. Apple says "notifyd accepts Mach port death notifications without verifying that they come from the kernel. If a local user sends fake Mach port death notifications to notifyd, applications that use the
notify(3) API to register for notifications may never receive the notifications. This update addresses the issue by only accepting Mach port death notifications from the kernel. This issue does not affect systems running Mac OS X v10.5 or later".
OpenSSH
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2007-4752. Apple says "OpenSSH forwards a trusted X11 cookie when it cannot create an untrusted one. This may allow a remote attacker to gain elevated privileges. This update addresses the issue by updating OpenSSH to version 4.7".
pax archive utility
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0992. Apple says "the pax command line tool does not check a length in its input before using it as an array index, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by checking the index. This issue does not affect systems prior to Mac OS X v10.5".
PHP
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerabilities in CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887. Apple says: "PHP is updated to version 5.2.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution."
PHP
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.2. The addresses a vulnerability in CVE-2007-3378 and CVE-2007-3799. Apple says: "PHP is updated to version 4.4.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution."
Podcast Producer
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0993. Apple says "the Podcast Capture application provides passwords to a subtask through the arguments, potentially exposing the passwords to other local users. This update corrects the issue by providing passwords to the subtask through a pipe. This issue does not affect systems prior to Mac OS X v10.5". Apple credits Maximilian Reiss of Chair for Applied Software Engineering, TUM for reporting this issue.
Preview
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2008-0994. Apple says "when Preview saves a PDF file with encryption, it uses 40-bit RC4. This encryption algorithm may be broken with significant but readily available computing power. A person with access to the file may apply a brute-force technique to view it. This update enhances the encryption to 128-bit RC4".
Printing
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0995. Apple says: " Printing to a PDF file and setting an 'open' password uses 40-bit RC4. This encryption algorithm may be broken with significant but readily available computing power. A person with access to the file may apply a brute-force technique to view it. This update enhances the encryption to 128-bit RC4. This issue does not affect systems prior to Mac OS X v10.5."
Printing
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses a vulnerability in CVE-2008-0996. Apple says: "An information disclosure issue exists in the handling of authenticated print queues. When starting a job on an authenticated print queue, the credentials used for authentication may be saved to disk. This update addresses the issue by removing user credentials from printing presets before saving them to disk. This issue does not affect systems prior to Mac OS X v10.5."
System Configuration
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0998. Apple says: "The privileged tool NetCfgTool uses distributed objects to communicate with untrusted client programs on the local machine.
By sending a maliciously crafted message, a local user can bypass the authorization step and may cause arbitrary code execution with the privileges of the privileged program."
UDF
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2. The update addresses the vulnerability in CVE-2008-0999. Apple says: "A null pointer dereference issue exists in the handling of Universal Disc Format (UDF) file systems. By enticing a user to open a maliciously crafted disk image, an attacker may cause an unexpected system shutdown. This update addresses the issue through improved validation of UDF file systems. This issue does not affect systems prior to Mac OS X v10.5." Apple credits to Paul Wagland of Redwood Software, and Wayne Linder of Iomega for reporting this vulnerability.
X11
This patch affects users of Mac OS X v10.5.2, Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2008-1000. Apple says " A path traversal issue exists in the Mac OS X v10.5 Server Wiki Server. Attackers with access to edit wiki content may upload files that leverage this issue to place content wherever the wiki server can write, which may lead to arbitrary code execution with the privileges of the wiki server. This update addresses the issue through improved file name handling. This issue does not affect systems prior to Mac OS X v10.5. Apple credits to Rodrigo Carvalho, from the Core Security Consulting Services (CSC) team of CORE Security Technologies for reporting this vulnerability.
X11
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11 and addresses the vulnerabilities in CVE-2007-4568 and CVE-2007-4990. Apple says "multiple vulnerabilities exist in X11 X Font Server
(XFS) 1.0.4, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 1.0.5".
X11
This patch affects users of Mac OS X v10.5.2 and Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2006-3334, CVE-2006-5793, CVE-2007-2445, CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, and CVE-2007-5269. Apple says: "The PNG reference library (libpng) is updated to version 1.2.24 tp address several vulnerabilities, the most serious of which may lead to a remote denial of service or arbitrary code execution.
X11
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, and Mac OS X Server v10.5.2 and addresses the vulnerability in CVE-2007-5958, CVE-2008-0006, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429. Apple says: "Numerous vulnerabilities in the X11 server allow execution of arbitrary code with the privileges of the user running the X11 server if the attacker can authenticate to the X11 server.
This is a security vulnerability only if the X11 server is configured to not require authentication, which Apple does not recommend."
This article was first published as a blog on CNET News.com.
Play video
» Achieve enhanced server performance with energy-efficient blade technology
There are currently no comments for this post.