BetaONE will rise again!

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)
-   NeoWin News (http:\\b1.hcanet.com\forum/forumdisplay.php?f=6)
-   -   Apple Releases Security Update 2005-001 for Mac OS X (http:\\b1.hcanet.com\forum/showthread.php?t=15532)

NewsBot 27th Jan 05 09:00 AM
Apple Releases Security Update 2005-001 for Mac OS X
 
Apple Computer released a security update for mac owners today to fix seven exploits in Mac OS X.

The update fixes a variety of problems in OS X, including ColorSync, Libxm2, Mail, PHP, Safari, and Sendmail; click read more for an extensive list of the problems and respective fixes.

Users of Mac OS X v10.2.8 Client and Server as well as Mac OSX v10.3.7 Client and Server can update their OS via Software Update preferences, or from Apple Downloads.

View: More Information On Vulnerabilites
Download: Security Update 2005-001 for Mac OSX 1.0.2.8 Client / Mac OSX 1.0.2.8 Server
Download: Security Update 2005-001 for Mac OSX 1.0.3.7 Client / Mac OSX 1.0.3.7 Server
View: Apple Computer


at commands
Problem: The "at" family of commands did not properly drop privileges. This could allow a local user to remove files not owned by them, run programs with added privileges, or read the contents of normally unreadable files.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7

ColorSync
Problem: An out-of-specification or improperly embedded ICC color profile could overwrite the program heap and allow arbitrary code execution.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

libxml2
Problem: The libxml2 library contains unsafe code that may be exploited in applications linked against it.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7

Mail
Problem: A GUUID containing an identifier associated with the Ethernet networking hardware was used in the construction of an RFC-822 required Message-ID header.

Affecting: Mac OS X v10.3.7 Client, Mac OS X Server v10.3.7

PHP
Problem: Multiple vulnerabilities in PHP, including remote denial of service and execution of arbitrary code.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

Safari
Problem: When Safari's "Block Pop-Up Windows" feature is not enabled, a malicious pop-up window could appear as being from a trusted site.

Affecting: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8, Mac OS X Server v10.2.8

SquirrelMail
Problem: A cross-site scripting vulnerability in SquirrelMail allowed email messages to contain content that would be rendered by a user's web browser.

Affecting: Mac OS X Server 10.3.7

News source: Neowin
Full story: View Here


All times are GMT +1. The time now is 05:25 AM.

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.