Home / mailings APPLE-SA-2008-03-18 Security Update 2008-002
Posted on 18 March 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-03-18 Security Update 2008-002
Security Update 2008-002 is now available and addresses the following
issues:
AFP Client
CVE-ID: CVE-2008-0044
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Accessing a maliciously crafted afp:// URL may lead to an
application termination or arbitrary code execution
Description: Multiple stack buffer overflow issues exist in AFP
Client's handling of afp:// URLs. By enticing a user to connect to a
malicious AFP Server, an attacker may cause an unexpected application
termination or arbitrary code execution. This update addresses the
issues through improved bounds checking.
AFP Server
CVE-ID: CVE-2008-0045
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Cross-realm authentication with AFP Server may be bypassed
Description: An implementation issue exists in AFP Server's check of
Kerberos principal realm names. This may allow unauthorized
connections to the server, when cross-realm authentication with AFP
Server is used. This update addresses the issue by through improved
checks of Kerberos principal realm names. This issue does not affect
systems running Mac OS X v10.5 or later. Credit to Ragnar Sundblad of
KTH - Royal Institute of Technology, Stockholm, Sweden for reporting
this issue.
Apache
CVE-ID: CVE-2005-3352, CVE-2006-3747, CVE-2007-3847, CVE-2007-5000,
CVE-2007-6388
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in Apache 1.3.33 and 1.3.39
Description: Apache is updated to version 1.3.41 to address several
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the Apache web site
at http://httpd.apache.org For Mac OS X v10.5, Apache version 1.3.x
is only shipped on Server configurations. mod_ssl is also updated
from version 2.8.24 to 2.8.31 to match the upgraded Apache; no
security fixes are included in the update.
Apache
CVE-ID: CVE-2007-5000, CVE-2007-6203, CVE-2007-6388, CVE-2007-6421,
CVE-2008-0005
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in Apache 2.2.6
Description: Apache is updated to version 2.2.8 to address several
vulnerabilities, the most serious of which may lead to cross-site
scripting. Further information is available via the Apache web site
at http://httpd.apache.org
AppKit
CVE-ID: CVE-2008-0048
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Usage of the NSDocument API to may lead to arbitrary code
execution
Description: A stack buffer overflow exists in the NSDocument API's
handling of file names. On most file systems, this issue is not
exploitable. This update addresses the issue through improved bounds
checking. This issue does not affect systems running Mac OS X v10.5
or later.
AppKit
CVE-ID: CVE-2008-0049
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A mach port in NSApplication intended for inter-thread
synchronization is unintentionally available for inter-process
communication. By sending maliciously crafted messages to privileged
applications in the same bootstrap namespace, a local user may cause
arbitrary code execution with the privileges of the target
application. This update addresses the issue by removing the mach
port in question and using another method to synchronize. This issue
does not affect systems running Mac OS X v10.5 or later.
AppKit
CVE-ID: CVE-2008-0057
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple integer overflow vulnerabilities exist in the
parser for a legacy serialization format. By causing a maliciously
formatted serialized property list to be parsed, an attacker could
trigger a heap-based buffer overflow which may lead to arbitrary code
execution. This update addresses the issue by performing additional
validation of serialized input. This issue does not affect systems
running Mac OS X v10.5 or later.
AppKit
CVE-ID: CVE-2008-0997
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Querying a network printer may cause an unexpected
application termination or arbitrary code execution
Description: A stack based buffer overflow exists in AppKit's
handling of PPD files. By enticing a user to query a network printer,
an attacker may cause an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved handling of PPD files. This issue does not affect systems
running Mac OS X v10.5 or later.
Application Firewall
CVE-ID: CVE-2008-0046
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: The German translation of the Application Firewall
preference pane was misleading
Description: The "Set access for specific services and applications"
radio button of the Application Firewall preference pane was
translated into German as "Zugriff auf bestimmte Dienste und
Programme festlegen", which is "Set access to specific services and
applications". This might lead a user to believe that the listed
services were the only ones that would be permitted to accept
incoming connections. This update addresses the issue by changing the
German text to semantically match the English text. This issue does
not affect systems prior to Mac OS X v10.5.
CFNetwork
CVE-ID: CVE-2008-0050
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary
data to CFNetwork in a 502 Bad Gateway error. A malicious proxy
server could use this to spoof secure websites. This update addresses
the issue by returning an error on any proxy error, instead of
returning the proxy-supplied data. This issue is already addressed in
systems running Mac OS X v10.5.2.
ClamAV
CVE-ID: CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-5759,
CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318,
CVE-2008-0728
Available for: Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in ClamAV 0.90.3
Description: Multiple vulnerabilities exist in ClamAV 0.90.3
provided with Mac OS X Server v10.5 systems, the most serious of
which may lead to arbitrary code execution. This update addresses the
issue by updating to ClamAV 0.92.1. Further information is available
via the ClamAV website at www.clamav.net
ClamAV
CVE-ID: CVE-2006-6481, CVE-2007-1745, CVE-2007-1997, CVE-2007-3725,
CVE-2007-4510, CVE-2007-4560, CVE-2007-0897, CVE-2007-0898,
CVE-2008-0318, CVE-2008-0728
Available for: Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in ClamAV 0.88.5
Description: Multiple vulnerabilities exist in ClamAV 0.88.5
provided with Mac OS X Server v10.4.11, the most serious of which may
lead to arbitrary code execution. This update addresses the issue by
updating to ClamAV 0.92.1. Further information is available via the
ClamAV website at www.clamav.net
CoreFoundation
CVE-ID: CVE-2008-0051
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An integer overflow exists in CoreFoundation's handling
of time zone data. This may allow a local user to cause arbitrary
code execution with system privileges. This update addresses the
issue through improved bounds checking on time zone data files. This
issue does not affect systems running Mac OS X v10.5 or later.
CoreServices
CVE-ID: CVE-2008-0052
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a website could cause files to be opened in
AppleWorks
Description: Files with names ending in ".ief" can be automatically
opened in AppleWorks if Safari's "Open 'Safe' files" preference is
enabled. This is not the intended behavior and could lead to security
policy violations. This update addresses the issue by removing ".ief"
from the list of safe file types. This issue only affects systems
prior to Mac OS X v10.5 with AppleWorks installed.
CUPS
CVE-ID: CVE-2008-0596
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A remote attacker may be able to cause an unexpected
application termination if printer sharing is enabled
Description: A memory leak exists in CUPS. By sending a large number
of requests to add and remove shared printers, an attacker may be
able to cause a denial of service. This issue can not result in
arbitrary code execution. This update addresses the issue through
improved memory management. This issue does not affect systems prior
to Mac OS X v10.5.
CUPS
CVE-ID: CVE-2008-0047
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: A remote attacker may be able to cause an unexpected
application termination or arbitrary code execution if printer
sharing is enabled
Description: A heap buffer overflow exists in the CUPS interface's
processing of search expressions. If printer sharing is enabled, a
remote attacker may be able to cause an unexpected application
termination or arbitrary code execution with system privileges. If
printer sharing is not enabled, a local user may be able to gain
system privileges. This update addresses the issue by performing
additional bounds checking. This issue does not affect systems prior
to Mac OS X v10.5. Credit to regenrecht working with the VeriSign
iDefense VCP for reporting this issue.
CUPS
CVE-ID: CVE-2008-0053, CVE-2008-0882
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in CUPS may lead to an unexpected
application termination or arbitrary code execution with system
privileges
Description: Multiple input validation issues exist in CUPS, the
most serious of which may lead to arbitrary code execution with
system privileges. This update addresses the issues by updating to
CUPS 1.3.6. These issues do not affect systems prior to Mac OS X
v10.5.
curl
CVE-ID: CVE-2005-4077
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Running curl with a maliciously crafted URL may lead to an
unexpected application termination or arbitrary code execution
Description: A one byte buffer overflow exists in curl 7.13.1. By
enticing a user to run curl with a maliciously crafted URL, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by updating curl to
version 7.16.3. Crash Reporter was updated to match the curl changes.
This issue does not affect systems running Mac OS X v10.5 or later.
Emacs
CVE-ID: CVE-2007-6109
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Format string vulnerability in Emacs Lisp may lead to an
unexpected application termination or possibly arbitrary code
execution
Description: A stack buffer overflow exists in Emacs' format
function. By exploiting vulnerable Emacs Lisp which allows an
attacker to provide a format string containing a large precision
value, an attacker may cause an unexpected application termination or
possibly arbitrary code execution. Further information on the patch
applied is available via the Savannah Emacs website at http://cvs.sav
annah.gnu.org/viewvc/emacs/emacs/src/editfns.c?r1=1.439.2.3&r2=1.439.
2.9&view=patch
Emacs
CVE-ID: CVE-2007-5795
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Safe mode checks in Emacs may be bypassed
Description: A logic error in Emacs' hack-local-variable function
allows any local variable to be set, even if 'enable-local-variables'
is set to :safe. By enticing a user to load a file containing a
maliciously crafted local variables declaration, a local user may
cause an unauthorized modification of Emacs Lisp variables leading to
arbitrary code execution. This issue has been fixed through improved
:safe mode checks. The patch applied is available via the Savannah
Emacs website at http://cvs.savannah.gnu.org/viewvc/emacs/lisp/files.
el?r1=1.937&r2=1.938&sortby=date&root=emacs&view=patch This issue
does not affect systems prior to Mac OS X v10.5.
file
CVE-ID: CVE-2007-2799
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Running the file command on a maliciously crafted file may
lead to an unexpected application termination or arbitrary code
execution
Description: An integer overflow vulnerability exists in the file
command line tool, which may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
systems running Mac OS X v10.5 or later. Credit to Colin Percival of
the FreeBSD security team for reporting this issue.
Foundation
CVE-ID: CVE-2008-0054
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Usage of the NSSelectorFromString API may result in an
unexpected method being called
Description: An input validation issue exists in the
NSSelectorFromString API. Passing it a malformed selector name may
result in the return of an unexpected selector, which could lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
on the selector name. This issue does not affect systems running Mac
OS X v10.5 or later.
Foundation
CVE-ID: CVE-2008-0055
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user can interfere in other users' file operations
and may be able to obtain elevated privileges
Description: When performing a recursive file copying operation,
NSFileManager creates directories as world-writable, and only later
restricts the permissions. This creates a race condition during which
a local user can manipulate the directory and interfere in subsequent
operations. This may lead to a privilege escalation to that of the
application using t he API. This update addresses the issue by
creating directories with restrictive permissions. This issue does
not affect systems running Mac OS X v10.5 or later.
Foundation
CVE-ID: CVE-2008-0056
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Programs using the NSFileManager API could be manipulated to
execute arbitrary code
Description: A long pathname with an unexpected structure can expose
a stack buffer overflow vulnerability in NSFileManager. Presenting a
specially crafted path to a program using NSFileManager could lead to
the execution of arbitrary code. This update addresses the issue by
ensuring a properly sized destination buffer. This issue does not
affect systems running Mac OS X v10.5 or later.
Foundation
CVE-ID: CVE-2008-0058
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a maliciously crafted website may lead to a denial
of service or arbitrary code execution
Description: A thread race condition exists in NSURLConnection's
cache management, which can cause a deallocated object to receive
messages. Triggering this issue may lead to a denial of service, or
arbitrary code execution with the privileges of Safari or another
program using NSURLConnection. This update addresses the issue by
removing an unsynchronized caching operation. This issue does not
affect systems running Mac OS X v10.5 or later. Credit to Daniel
Jalkut of Red Sweater Software for reporting this issue.
Foundation
CVE-ID: CVE-2008-0059
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Processing an XML document may lead to an unexpected
application termination or arbitrary code execution
Description: A race condition exists in NSXML. By enticing a user to
process an XML file in an application which uses NSXML, an attacker
may cause an unexpected application termination or arbitrary code
execution. This update addresses the issue through improvements to
the error handling logic of NSXML. This issue does not affect systems
running Mac OS X v10.5 or later.
Help Viewer
CVE-ID: CVE-2008-0060
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Accessing a maliciously crafted help: URL may lead to
arbitrary Applescript execution
Description: A malicious help:topic_list URL may insert arbitrary
HTML or JavaScript into the generated topic list page, which may
redirect to a Help Viewer help:runscript link that runs Applescript.
This update addresses the issue by performing HTML escaping on the
URL data used in help topic lists before building the generated page.
Credit to Brian Mastenbrook for reporting this issue.
Image Raw
CVE-ID: CVE-2008-0987
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution
Description: A stack based buffer overflow exists in the handling of
Adobe Digital Negative (DNG) image files. By enticing a user to open
a maliciously crafted image file, an attacker may cause an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved validation of DNG image files.
This issue does not affect systems prior to Mac OS X v10.5. Credit to
Clint Ruoho of Laconic Security for reporting this issue.
Kerberos
CVE-ID: CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in MIT Kerberos 5 may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: Multiple memory corruption issues exist in MIT Kerberos
5, which may lead to an unexpected application termination or
arbitrary code execution with system privileges. Further information
on the issues and the patches applied is available via the MIT
Kerberos website at http://web.mit.edu/Kerberos/ CVE-2008-0062 and
CVE-2008-0063 do not affect systems running Mac OS X v10.5 or later.
CVE-2007-5901 does not affect systems prior to Mac OS X v10.4.
libc
CVE-ID: CVE-2008-0988
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Applications that use the strnstr API could be vulnerable to
a denial of service
Description: An off by one issue exists in Libsystem's strnstr(3)
implementation. Applications that use the strnstr API can read one
byte beyond the limit specified by the user, which may lead to an
unexpected application termination. This update addresses the issue
through improved bounds checking. This issue does not affect systems
running Mac OS X v10.5 or later. Credit to Mike Ash of Rogue Amoeba
Software for reporting this issue.
mDNSResponder
CVE-ID: CVE-2008-0989
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A format string issue exists in mDNSResponderHelper. By
setting the local hostname to a maliciously crafted string, a local
user could cause a denial of service or arbitrary code execution with
the privileges of mDNSResponderHelper. This update addresses the
issue by using a static format string. This issue does not affect
systems prior to Mac OS X v10.5.
notifyd
CVE-ID: CVE-2008-0990
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may be able to deny access to notifications
Description: notifyd accepts Mach port death notifications without
verifying that they come from the kernel. If a local user sends fake
Mach port death notifications to notifyd, applications that use the
notify(3) API to register for notifications may never receive the
notifications. This update addresses the issue by only accepting Mach
port death notifications from the kernel. This issue does not affect
systems running Mac OS X v10.5 or later.
OpenSSH
CVE-ID: CVE-2007-4752
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: A remote attacker may be able to execute arbitrary code with
elevated privileges
Description: OpenSSH forwards a trusted X11 cookie when it cannot
create an untrusted one. This may allow a remote attacker to gain
elevated privileges. This update addresses the issue by updating
OpenSSH to version 4.7. Further information is available via the
OpenSSH website at http://www.openssh.org/txt/release-4.7
pax archive utility
CVE-ID: CVE-2008-0992
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Running the pax command on a maliciously crafted archive may
lead to arbitrary code execution
Description: The pax command line tool does not check a length in
its input before using it as an array index, which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by checking the index. This issue does not
affect systems prior to Mac OS X v10.5.
PHP
CVE-ID: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in PHP 5.2.4
Description: PHP is updated to version 5.2.5 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X
v10.5 systems.
PHP
CVE-ID: CVE-2007-3378, CVE-2007-3799
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in PHP 4.4.7
Description: PHP is updated to version 4.4.8 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/
Podcast Producer
CVE-ID: CVE-2008-0993
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Podcast Capture exposes passwords to other local users
Description: The Podcast Capture application provides passwords to a
subtask through the arguments, potentially exposing the passwords to
other local users. This update corrects the issue by providing
passwords to the subtask through a pipe. This issue does not affect
systems prior to Mac OS X v10.5. Credit to Maximilian Reiss of Chair
for Applied Software Engineering, TUM for reporting this issue.
Preview
CVE-ID: CVE-2008-0994
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Saving to encrypted PDF in Preview produces files that may
be read without the password
Description: When Preview saves a PDF file with encryption, it uses
40-bit RC4. This encryption algorithm may be broken with significant
but readily available computing power. A person with access to the
file may apply a brute-force technique to view it. This update
enhances the encryption to 128-bit RC4.
Printing
CVE-ID: CVE-2008-0995
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Printing to encrypted PDF produces files that may be read
without the 'open' password
Description: Printing to a PDF file and setting an 'open' password
uses 40-bit RC4. This encryption algorithm may be broken with
significant but readily available computing power. A person with
access to the file may apply a brute-force technique to view it. This
update enhances the encryption to 128-bit RC4. This issue does not
affect systems prior to Mac OS X v10.5.
Printing
CVE-ID: CVE-2008-0996
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Printing to an authenticated print queue may disclose login
credentials
Description: An information disclosure issue exists in the handling
of authenticated print queues. When starting a job on an
authenticated print queue, the credentials used for authentication
may be saved to disk. This update addresses the issue by removing
user credentials from printing presets before saving them to disk.
This issue does not affect systems prior to Mac OS X v10.5.
System Configuration
CVE-ID: CVE-2008-0998
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: The privileged tool NetCfgTool uses distributed objects
to communicate with untrusted client programs on the local machine.
By sending a maliciously crafted message, a local user can bypass the
authorization step and may cause arbitrary code execution with the
privileges of the privileged program. This update addresses the issue
by performing additional validation of distributed objects.
UDF
CVE-ID: CVE-2008-0999
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Opening a maliciously crafted disk image may lead to an
unexpected system shutdown
Description: A null pointer dereference issue exists in the handling
of Universal Disc Format (UDF) file systems. By enticing a user to
open a maliciously crafted disk image, an attacker may cause an
unexpected system shutdown. This update addresses the issue through
improved validation of UDF file systems. This issue does not affect
systems prior to Mac OS X v10.5. Credit to Paul Wagland of Redwood
Software, and Wayne Linder of Iomega for reporting this issue.
Wiki Server
CVE-ID: CVE-2008-1000
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: A user with access to edit wiki content may be able to
execute arbitrary commands as the wiki server
Description: A path traversal issue exists in the Mac OS X v10.5
Server Wiki Server. Attackers with access to edit wiki content may
upload files that leverage this issue to place content wherever the
wiki server can write, which may lead to arbitrary code execution
with the privileges of the wiki server. This update addresses the
issue through improved file name handling. This issue does not affect
systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho, from the
Core Security Consulting Services (CSC) team of CORE Security
Technologies.
X11
CVE-ID: CVE-2007-4568, CVE-2007-4990
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple Vulnerabilities in X11 X Font Server (XFS) 1.0.4
Description: Multiple vulnerabilities exist in X11 X Font Server
(XFS) 1.0.4, the most serious of which may lead to arbitrary code
execution. This update addresses the issue by updating to version
1.0.5. Further information is available via the X.Org website at
http://www.x.org/wiki/Development/Security These issues are already
addressed in systems running Mac OS X v10.5.2.
X11
CVE-ID: CVE-2006-3334, CVE-2006-5793, CVE-2007-2445, CVE-2007-5266,
CVE-2007-5267, CVE-2007-5268, CVE-2007-5269
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in X11's libpng 1.2.8
Description: The PNG reference library (libpng) is updated to
version 1.2.24 to address several vulnerabilities, the most serious
of which may lead to a remote denial of service or arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html This issue affects libpng
within X11. It does not affect systems prior to Mac OS X v10.5.
X11
CVE-ID: CVE-2007-5958, CVE-2008-0006, CVE-2007-6427, CVE-2007-6428,
CVE-2007-6429
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Multiple vulnerabilities in the X11 server
Description: Numerous vulnerabilities in the X11 server allow
execution of arbitrary code with the privileges of the user running
the X11 server if the attacker can authenticate to the X11 server.
This is a security vulnerability only if the X11 server is configured
to not require authentication, which Apple does not recommend. This
update fixes the issue by applying the updated X.Org patches. Further
information is available via the X.Org website at
http://www.x.org/wiki/Development/Security
Security Update 2008-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.5.2
The download file is named: "SecUpd2008-002.dmg"
Its SHA-1 digest is: 15083986b3ce6b73c3b894f1c2bcf5c22170236c
For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2008-002Univ.dmg"
Its SHA-1 digest is: 49b1c6b1a919b33cbaada1c86eb501291e7145e8
For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-002PPC.dmg"
Its SHA-1 digest is: 8a838e33b6720184a4e4e13c17392892e5a06a56
For Mac OS X Server v10.5.2
The download file is named: "SecUpdSrvr2008-002.dmg"
Its SHA-1 digest is: 2f5126096b872482315a25cd3d75bc1c0a082e84
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-002Univ.dmg"
Its SHA-1 digest is: 77074bdd1d0574abe9631b12011f8ef1d15151b3
For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-002PPC.dmg"
Its SHA-1 digest is: 1b5f3c1464b1fce0d77f44e50a0b662b467e3fd0
Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/