[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Subject: US-CERT Technical Cyber Security Alert TA08-043B -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <
Date: Tue, 12 Feb 2008 14:29:44 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-043B
Apple Updates for Multiple Vulnerabilities
Original release date: February 12, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.1
These vulnerabilities affect both Intel and PowerPC platforms
Overview
Apple has released Security Update 2008-001 and OS X version 10.5.2 to
correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. Attackers could exploit these vulnerabilities to execute
arbitrary code, gain access to sensitive information, or cause a
denial of service.
I. Description
Apple Security Update 2008-001 and Apple Mac OS X version 10.5.2
address a number of vulnerabilities affecting Apple Mac OS X and OS X
Server versions prior to and including 10.4.11 and 10.5.1. Further
details are available in the US-CERT Vulnerability Notes Database.
The update also addresses vulnerabilities in other vendors' products
that ship with Apple OS X or OS X Server. These products include Samba
and X11.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
and denial of service.
III. Solution
Install updates from Apple
Install Apple Security Update 2008-001 or Apple Mac OS X version
10.5.2. These and other updates are available via Software Update or
via Apple Downloads.
IV. References
* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001>
* About the security content of Mac OS X 10.5.2 and Security Update2008-001 -
<http://docs.info.apple.com/article.html?artnum=307430>
* About the Mac OS X 10.5.2 Update -
<http://docs.info.apple.com/article.html?artnum=307109>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple - Support - Downloads -
<http://www.apple.com/support/downloads/>
* X.org Foundataion Security Advisories -
<http://www.x.org/wiki/Development/Security>
* Samba Security Releases -
<http://www.samba.org/samba/history/security.html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-043B.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <This email address is being protected from spambots. You need JavaScript enabled to view it. > with "TA08-043B Feedback VU#774345" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
February 12, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg
jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp
/1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO
PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet
r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9
SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug==
=qwP5
-----END PGP SIGNATURE-----
| Powered by: | MHonArc  |