Home / mailingsPDF  

APPLE-SA-2012-09-19-4 OS X Server v2.1.1

Posted on 03 October 2012
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-09-19-4 OS X Server v2.1.1

OS X Server v2.1.1 is now available and addresses the following:

PostgreSQL
Available for: OS X Mountain Lion v10.8 or later
Impact: Multiple vulnerabilities in PostgreSQL
Description: PostgreSQL is updated to version 9.1.5 to address
multiple vulnerabilities, the most serious of which may allow
database users to read files from the file system with the privileges
of the database server role account. Further information is available
via the PostgreSQL web site at
http://www.postgresql.org/docs/9.1/static/release-9-1-5.html.
CVE-ID
CVE-2012-3488
CVE-2012-3489

Messages Server
Available for: OS X Mountain Lion v10.8 or later
Impact: A remote attacker may reroute federated Jabber messages
Description: An issue existed in the Jabber server's handling of
dialback result messages. An attacker may cause the Jabber server to
disclose information intended for users of federated servers. This
issue was addressed through improved handling of dialback result
messages.
CVE-ID
CVE-2012-3525

Note: OS X Server v2.1.1 includes the content of
OS X Mountain Lion v10.8.2. For further details see:
http://http://support.apple.com/kb/HT5501

OS X Server v2.1.1 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP