
APPLE-SA-2014-15-20-1 OS X Server 3.1.2

Posted on 20 May 2014
Apple Security-announce

OS X Server 3.1.2 is now available and addresses the following:

Ruby
Available for: OS X Mavericks 10.9.3 or later
Impact: Running a Ruby script that uses untrusted input to create a
Float object may lead to an application hang or arbitrary code
execution
Description: A heap-based buffer overflow issue existed in Ruby when
converting a string to a floating point value. An attacker could send
a specially crafted request to Profile Manager or to a Ruby script,
which may lead to an application hang or arbitrary code execution.
This issue was addressed through additional validation of floating
point values.
CVE-ID
CVE-2013-4164


OS X Server 3.1.2 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
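
An added example, not part of Apple's advisory or of Ruby itself: one way a Ruby script can limit what untrusted text reaches Float(), the conversion named in the Impact line above. The advisory does not describe the triggering input, so the length cap, the accepted grammar and the names safe_float, parse_all and UnsafeFloatInput are assumptions of this sketch.

```ruby
# Added example: allowlist untrusted numeric text before calling Float().
# Assumption: the application only needs short, plain decimal numbers.
MAX_FLOAT_CHARS = 64 # hypothetical cap, tune per application

# Optional sign, digits, optional fraction, optional exponent of at most
# three digits. \A and \z anchor the whole string, so no trailing data.
FLOAT_PATTERN = /\A[+-]?\d+(?:\.\d+)?(?:[eE][+-]?\d{1,3})?\z/

class UnsafeFloatInput < ArgumentError; end

# Returns a finite Float or raises UnsafeFloatInput.
def safe_float(raw)
  raise UnsafeFloatInput, "not a string" unless raw.is_a?(String)
  # Length is checked first so oversized input never reaches the regex
  # engine or the string-to-float parser.
  if raw.bytesize > MAX_FLOAT_CHARS
    raise UnsafeFloatInput, "too long (#{raw.bytesize} bytes)"
  end
  unless FLOAT_PATTERN.match?(raw)
    raise UnsafeFloatInput, "not a plain decimal number"
  end
  value = Float(raw)
  # A huge exponent parses to Infinity; refuse it rather than pass it on.
  raise UnsafeFloatInput, "not finite" unless value.finite?
  value
end

# Runs safe_float over a batch and reports the outcome for each entry.
def parse_all(inputs)
  inputs.map do |raw|
    begin
      [:ok, safe_float(raw)]
    rescue UnsafeFloatInput => e
      [:rejected, e.message]
    end
  end
end

# Constructed sample inputs: two valid values, then an oversized digit run,
# an out-of-range exponent, a hex float, trailing garbage and a non-string.
SAMPLES = ["3.14", "-2e10", "1" * 100_000, "1e999", "0x1p3", "12abc", nil]

parse_all(SAMPLES).each { |status, detail| puts "#{status}: #{detail}" }
```

A check like this narrows what the parser sees; the fix for CVE-2013-4164 itself is the update described in the advisory.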

 
