APPLE-SA-2013-10-22-5 OS X Server 3.0
Posted on 23 October 2013
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-10-22-5 OS X Server 3.0
OS X Server 3.0 is now available and addresses
the following:

Profile Manager
Available for: OS X Mavericks v10.9 or later
Impact: A remote attacker may be able to cause a denial of service
Description: The JSON Ruby Gem permanently allocated memory when
parsing certain constructs in its input. An attacker could exploit
this to use all available memory leading to a denial of service. This
issue was addressed through additional validation of JSON data.
CVE-ID
CVE-2013-0269

Profile Manager
Available for: OS X Mountain Lion v10.9 or later
Impact: Multiple issues in Ruby on Rails
Description: Multiple issues existed in Ruby on Rails, the most
serious of which may lead to cross site scripting. These issues were
addressed by updating the Rails implementation used by Profile
Manager to version 2.3.18.
CVE-ID
CVE-2013-1854
CVE-2013-1855
CVE-2013-1856
CVE-2013-1857

FreeRADIUS
Available for: OS X Mavericks v10.9 or later
Impact: A remote attacker may be able to cause a denial of service
or arbitrary code execution
Description: A buffer overflow existed in FreeRADIUS when parsing
the 'not after' timestamp in a client certificate, when using TLS-
based EAP methods. This issue was addressed by updating FreeRADIUS to
version 2.2.0.
CVE-ID
CVE-2012-3547

Server App
Available for: OS X Mavericks v10.9 or later
Impact: Server may use a fallback certificate during authentication
Description: A logic issue existed whereby the RADIUS service could
choose an incorrect certificate from the list of configured
certificates. The issue was addressed by using the same certificate
as other services.
CVE-ID
CVE-2013-5143 : Arek Dreyer of Dreyer Network Consultants, Inc.

OS X Server 3.0 may be obtained from Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/