Home / mailings APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6
Posted on 15 December 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6
Security Update 2008-008 / Mac OS X v10.5.6 is now available and
addresses the following issues:
ATS
CVE-ID: CVE-2008-4236
Available for: Mac OS X v10.5 through v10.5.5,
Mac OS X Server v10.5 through v10.5.5
Impact: Viewing or downloading a PDF file containing a maliciously
crafted embedded font may lead to a denial of service
Description: An infinite loop may occur in the Apple Type Services
server's handling of embedded fonts in PDF files. Viewing or
downloading a PDF file containing a maliciously crafted embedded font
may lead to a denial of service. This update addresses the issue by
performing additional validation of embedded fonts. This issue does
not affect systems prior to Mac OS X v10.5. Credit to Michael Samarin
and Mikko Vihonen of Futurice Ltd. for reporting this issue.
BOM
CVE-ID: CVE-2008-4217
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Downloading or viewing a maliciously crafted CPIO archive
may lead to arbitrary code execution or unexpected application
termination
Description: A signedness issue exists in BOM's handling of CPIO
headers which may result in a stack buffer overflow. Downloading or
viewing a maliciously crafted CPIO archive may lead to arbitrary code
execution or unexpected application termination. This update
addresses the issue by performing additional validation of CPIO
headers. Credit: Apple.
CoreGraphics
CVE-ID: CVE-2008-3623
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Viewing a maliciously crafted image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of color
spaces within CoreGraphics. Viewing a maliciously crafted image may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit: Apple.
CoreServices
CVE-ID: CVE-2008-3170
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Visiting a maliciously crafted website may lead to the
disclosure of user credentials
Description: Safari allows web sites to set cookies for country-
specific top-level domains, which may allow a remote attacker to
perform a session fixation attack and hijack a user's credentials.
This update addresses the issue by performing additional validation
of domain names. Credit to Alexander Clauss of iCab.de for reporting
this issue.
CoreTypes
CVE-ID: CVE-2008-4234
Available for: Mac OS X v10.5 through v10.5.5,
Mac OS X Server v10.5 through v10.5.5
Impact: Attempting to launch unsafe downloaded content may not lead
to a warning
Description: Mac OS X provides the Download Validation capability to
indicate potentially unsafe files. Applications such as Safari and
others use Download Validation to help warn users prior to launching
files marked as potentially unsafe. This update adds to the list of
potentially unsafe types. It adds the content type for files that
have executable permissions and no specific application association.
These files are potentially unsafe as they will launch in Terminal
and their content will be executed as commands. While these files are
not automatically launched, if manually opened they could lead to the
execution of arbitrary code. This issue does not affect systems prior
to Mac OS X v10.5.
Flash Player Plug-in
CVE-ID: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821,
CVE-2008-4822, CVE-2008-4823, CVE-2008-4824
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
Description: Multiple issues exist in the Adobe Flash Player plug-
in, the most serious of which may lead to arbitrary code execution
when viewing a maliciously crafted web site. The issues are addressed
by updating the Flash Player plug-in to version 9.0.151.0. Further
information is available via the Adobe web site at
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Kernel
CVE-ID: CVE-2008-4218
Available for: Mac OS X v10.5 through v10.5.5,
Mac OS X Server v10.5 through v10.5.5
Impact: A local user may obtain system privileges
Description: Integer overflow issues exist within the i386_set_ldt
and i386_get_ldt system calls, which may allow a local user to
execute arbitrary code with system privileges. This update addresses
the issues through improved bounds checking. These issues do not
affect PowerPC systems. Credit to Richard Vaneeden of IOActive, Inc.
for reporting these issues.
Kernel
CVE-ID: CVE-2008-4219
Available for: Mac OS X v10.5 through v10.5.5,
Mac OS X Server v10.5 through v10.5.5
Impact: Running an executable that links dynamic libraries on an NFS
share may lead to an unexpected system shutdown
Description: An infinite loop may occur when a program located on an
NFS share receives an exception. This may lead to an unexpected
system shutdown. This update addresses the issue through improved
handling of exceptions. Credit to Ben Loer of Princeton University
for reporting this issue.
Libsystem
CVE-ID: CVE-2008-4220
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the inet_net_pton API may be
vulnerable to arbitrary code execution or an unexpected application
termination
Description: An integer overflow exists in Libsystem's inet_net_pton
API, which may lead to arbitrary code execution or the unexpected
termination of the application using the API. This update addresses
the issue through improved bounds checking. This API is not normally
called with untrusted data, and no exploitable cases of this issue
are known. This update is provided to help mitigate potential attacks
against any application using this API.
Libsystem
CVE-ID: CVE-2008-4221
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strptime API may be vulnerable to
arbitrary code execution or unexpected application termination
Description: A memory corruption issue exists in Libsystem's
strptime API. Parsing a maliciously crafted date string may lead to
arbitrary code execution or unexpected application termination. This
update addresses the issue through improved memory allocation.
Credit: Apple.
Libsystem
CVE-ID: CVE-2008-1391
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strfmon API may be exposed to an
unexpected application termination or arbitrary code execution
Description: Multiple integer overflows exist in Libsystem's strfmon
implementation. An application calling strfmon with large values of
certain integer fields in the format string argument may unexpectedly
terminate or lead to arbitrary code execution. This update addresses
the issues through improved bounds checking.
Managed Client
CVE-ID: CVE-2008-4237
Available for: Mac OS X v10.5 through v10.5.5,
Mac OS X Server v10.5 through v10.5.5
Impact: The managed screen saver settings are not applied
Description: The method by which the software on a managed client
system installs per-host configuration information does not always
correctly identify the system. On a misidentified system, per-host
settings are not applied, including the screen saver lock. This
update addresses the issue by having Managed Client use the correct
system identification. This issue does not affect systems with built-
in Ethernet. Credit to John Barnes of ESRI, and Trevor Lalish-Menagh
of Tamman Technologies, Inc. for reporting this issue.
network_cmds
CVE-ID: CVE-2008-4222
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to cause a denial of service
if Internet Sharing is enabled
Description: An infinite loop may occur in the handling of TCP
packets in natd. By sending a maliciously crafted TCP packet, a
remote attacker may be able to cause a denial of service if Internet
Sharing is enabled. This update addresses the issue by performing
additional validation of TCP packets. Credit to Alex Rosenberg of
Ohmantics, and Gary Teter of Paizo Publishing for reporting this
issue.
Podcast Producer
CVE-ID: CVE-2008-4223
Available for: Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to access the administrative
functions of Podcast Producer
Description: An authentication bypass issue exists in the Podcast
Producer server, which may allow an unauthorized user to access
administrative functions in the server. This update addresses the
issue through improved handling of access restrictions. Podcast
Producer was introduced in Mac OS X Server v10.5.
UDF
CVE-ID: CVE-2008-4224
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Opening an ISO file may lead to an unexpected system
shutdown
Description: An input validation issue exists in the handling of
malformed UDF volumes. Opening a maliciously crafted ISO file may
lead to an unexpected system shutdown. This update addresses the
issue through improved input validation. Credit to Mauro Notarianni
of PCAX Solutions for reporting this issue.
Security Update 2008-008 and Mac OS X v10.5.6 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2008-008 or Mac OS X v10.5.6.
For Mac OS X v10.5.5
The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3b6af8f9ded
For Mac OS X v10.5 - v10.5.4
The download file is named: "MacOSXUpdCombo10.5.6.dmg"
Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9e5630150d4
For Mac OS X Server v10.5.5
The download file is named: "MacOSXServerUpd10.5.6.dmg"
Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171b54286bcac
For Mac OS X Server v10.5 - v10.5.4
The download file is named: "MacOSXServerUpdCombo10.5.6.dmg"
Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27def00dbca7
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-008Intel.dmg"
Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebede1f3bedea
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-008PPC.dmg"
Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778789f359906
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-008Univ.dmg"
Its SHA-1 digest is: 21702064037150cdeb9d708304ee91eb254c7371
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-008PPC.dmg"
Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e9f0e16534c
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/