Home / mailings APPLE-SA-2017-03-27-7 macOS Server 5.3
Posted on 28 March 2017
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-27-7 macOS Server 5.3
macOS Server 5.3 is now available and addresses the following:
Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751
Web Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to cause a denial of service
against the HTTP server via partial HTTP requests
Description: This issue was addressed by adding mod_reqtimeout.
CVE-2007-6750
Wiki Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to enumerate users
Description: An access issue was addressed through improved
permissions checking.
CVE-2017-2382: Maris Kocins of SEMTEXX LTD
Installation note:
macOS Server 5.3 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
