What's new in Apple Security Update Server 2014-003

Jun 30, 2014
  • Recommended for all users and improves the security of OS X.

New in Apple Security Update Server 2014-002 (Apr 22, 2014)

  • Recommended for all servers and improves the security of OS X.

New in Apple Security Update Server 2013-004 (Sep 13, 2013)

  • Addresses the following:
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Multiple vulnerabilities in Apache
  • Description:  Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24.
  • CVE-ID: CVE-2012-0883, CVE-2012-2687, CVE-2012-3499, CVE-2012-4558
  • Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Multiple vulnerabilities in BIND
  • Description:  Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems.
  • CVE-ID: CVE-2012-3817, CVE-2012-4244, CVE-2012-5166, CVE-2012-5688, CVE-2013-2266
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Root certificates have been updated
  • Description:  Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5
  • Impact:  Multiple vulnerabilities in ClamAV
  • Description:  Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.
  • CVE-ID: CVE-2013-2020, CVE-2013-2021
  • Available for:  OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description:  A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.
  • CVE-ID: CVE-2013-1025 : Felix Groebert of the Google Security Team
  • Available for:  OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description:  A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.
  • CVE-ID: CVE-2013-1026 : Felix Groebert of the Google Security Team
  • Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Packages could be opened after certificate revocation
  • Description:  When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package.
  • CVE-ID: CVE-2013-1027
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  An attacker may intercept data protected with IPSec Hybrid Auth
  • Description:  The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate.
  • CVE-ID: CVE-2013-1028 : Alexander Traud of www.traud.de
  • Available for:  OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  A local network user may cause a denial of service
  • Description:  An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check.
  • CVE-ID: CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
  • Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Passwords may be disclosed to other local users
  • Description:  A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe.
  • CVE-ID: CVE-2013-1030 : Per Olofsson at the University of Gothenburg
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Multiple vulnerabilities in OpenSSL
  • Description:  Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y.
  • CVE-ID: CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Multiple vulnerabilities in PHP
  • Description:  Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26.
  • CVE-ID: CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110
  • Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Multiple vulnerabilities in PostgreSQL
  • Description:  Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13.
  • CVE-ID: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
  • Available for:  OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  The screen saver may not start after the specified time period
  • Description:  A power assertion lock issue existed. This issue was addressed through improved lock handling.
  • CVE-ID: CVE-2013-1031
  • Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description:  A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking.
  • CVE-ID: CVE-2013-1032 : Jason Kratzer working with iDefense VCP
  • Available for:  OS X Mountain Lion v10.8 to v10.8.4
  • Impact:  A user with screen sharing access may be able to bypass the screen lock when another user is logged in
  • Description:  A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking.
  • CVE-ID: CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq
  • Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.

New in Apple Security Update Server 2013-002 (Jun 5, 2013)

  • CFNetwork:
  • Available for: OS X Mountain Lion v10.8 to v10.8.3
  • Impact: An attacker with access to a user's session may be able to log into previously accessed sites, even if Private Browsing was used
  • Description: Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. This issue was addressed by improved handling of cookies.
  • CoreAnimation:
  • Available for: OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution
  • Description: An unbounded stack allocation issue existed in the handling of text glyphs. This could be triggered by maliciously crafted URLs in Safari. The issue was addressed through improved bounds checking.
  • CoreMedia Playback:
  • Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks.
  • CUPS:
  • Available for: OS X Mountain Lion v10.8 to v10.8.3
  • Impact: A local user in the lpadmin group may be able to read or write arbitrary files with system privileges
  • Description: A privilege escalation issue existed in the handling of CUPS configuration via the CUPS web interface. A local user in the lpadmin group may be able to read or write arbitrary files with system privileges. This issue was addressed by moving certain configuration directives to cups-files.conf, which can not be modified from the CUPS web interface.
  • Directory Service:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
  • Impact: A remote attacker may execute arbitrary code with system privileges on systems with Directory Service enabled
  • Description: An issue existed in the directory server's handling of messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion or OS X Mountain Lion systems.
  • Disk Management:
  • Available for: OS X Mountain Lion v10.8 to v10.8.3
  • Impact: A local user may disable FileVault
  • Description: A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication.
  • OpenSSL:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: An attacker may be able to decrypt data protected by SSL
  • Description: There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. This issue was addressed by disabling compression in OpenSSL.
  • OpenSSL:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Multiple vulnerabilities in OpenSSL
  • Description: OpenSSL was updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key. Further information is available via the OpenSSL website at http://www.openssl.org/news/
  • QuickDraw Manager:
  • Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
  • Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in the handling of PICT images. This issue was addressed through improved bounds checking.
  • QuickTime:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking.
  • QuickTime:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking.
  • QuickTime:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking.
  • QuickTime:
  • Available for: OS X Mountain Lion v10.8 to v10.8.3
  • Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking.
  • Ruby:
  • Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
  • Impact: Multiple vulnerabilities in Ruby on Rails
  • Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. This issue may affect OS X Lion or OS X Mountain Lion systems that were upgraded from Mac OS X 10.6.8 or earlier. Users can update affected gems on such systems by using the /usr/bin/gem utility.
  • SMB:
  • Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3
  • Impact: An authenticated user may be able to write files outside the shared directory
  • Description: If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory. This issue was addressed through improved access control.

  • Note: Starting with OS X v10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed.

New in Apple Security Update Server 2012-001 v1.1 (Feb 4, 2012)

  • Security Update 2012-001 v1.1 is now available for Mac OS X v10.6.8 systems to address a compatibility issue.
  • Version 1.1 of this update removes the ImageIO security fixes released in Security Update 2012-001.
  • OS X Lion systems are not affected by this change.

New in Apple Security Update Server 2011-006 (Oct 13, 2011)

  • Apache:
  • Impact: Multiple vulnerabilities in Apache
  • Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/
  • Application Firewall:
  • Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges
  • Description: A format string vulnerability existed in Application Firewall's debug logging.
  • ATS:
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion.
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems.
  • Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow issue existed in the ATSFontDeactivate API.
  • BIND:
  • Impact: Multiple vulnerabilities in BIND 9.7.3
  • Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3.
  • Impact: Multiple vulnerabilities in BIND
  • Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
  • Certificate Trust Policy:
  • Impact: Root certificates have been updated
  • Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
  • CFNetwork:
  • Impact: Safari may store cookies it is not configured to accept
  • Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage.
  • CFNetwork:
  • Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
  • Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion.
  • CoreFoundation:
  • Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.
  • CoreMedia:
  • Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site
  • Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems.
  • CoreProcesses:
  • Impact: A person with physical access to a system may partially bypass the screen lock
  • Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion.
  • CoreStorage:
  • Impact: Converting to FileVault does not erase all existing data
  • Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion.
  • File Systems:
  • Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
  • Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user.
  • IOGraphics:
  • Impact: A person with physical access may be able to bypass the screen lock
  • Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems.
  • iChat Server:
  • Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately
  • Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests.
  • Kernel:
  • Impact: A person with physical access may be able to access the user's password
  • Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in.
  • Impact: An unprivileged user may be able to delete another user's files in a shared directory
  • Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit.
  • libsecurity:
  • Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution
  • Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension.
  • Mailman:
  • Impact: Multiple vulnerabilities in Mailman 2.1.14
  • Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html This issue does not affect OS X Lion systems.
  • MediaKit:
  • Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems.
  • Open Directory:
  • Impact: Any user may read another local user's password data
  • Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
  • Impact: An authenticated user may change that account's password without providing the current password
  • Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion.
  • Impact: A user may be able to log in without a password
  • Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion.
  • PHP:
  • Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/
  • Impact: Multiple vulnerabilities in libpng 1.4.3
  • Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
  • Impact: Multiple vulnerabilities in PHP 5.3.4
  • Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/
  • postfix:
  • Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
  • Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information
  • Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html
  • python:
  • Impact: Multiple vulnerabilities in python
  • Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/
  • QuickTime:
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in QuickTime's handling of movie files.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.
  • Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML
  • Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files.
  • Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents
  • Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file.
  • Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in QuickTime's handling of FlashPix files.
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in QuickTime's handling of FLIC files.
  • Impact: A guest user may browse shared folders
  • Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion.
  • Tomcat:
  • Impact: Multiple vulnerabilities in Tomcat 6.0.24
  • Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/
  • User Documentation:
  • Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution
  • Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems.
  • Web Server:
  • Impact: Clients may be unable to access web services that require digest authentication
  • Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
  • X11:
  • Impact: Multiple vulnerabilities in libpng
  • Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS X Lion systems, and to 1.2.46 on Mac OS X v10.6 systems.
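
The STARTTLS handling flaw described in the postfix entry of this update, modelled as an added Python example (not Postfix code and not part of the advisory): it shows why commands buffered before the TLS handshake must be discarded, and what the "clear the command queue" fix changes. The class, the function names and the sample byte strings are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Processed:
    command: str
    arrived_over: str   # channel the bytes were actually received on
    treated_as: str     # channel state the server assumed when it ran the command


@dataclass
class ToySmtpSession:
    """Hypothetical SMTP command loop; the TLS handshake is modelled as instantaneous."""
    flush_on_starttls: bool
    tls_active: bool = False
    queue: deque = field(default_factory=deque)
    processed: list = field(default_factory=list)
    discarded: list = field(default_factory=list)

    def receive(self, data: bytes, channel: str) -> None:
        """Buffer one read from the socket, then run every complete command."""
        if self.tls_active and channel != "tls":
            # After the handshake, raw plaintext would fail TLS record parsing.
            raise ValueError("plaintext received after TLS was negotiated")
        for line in data.split(b"\r\n"):
            if line:
                self.queue.append((line.decode("ascii"), channel))
        self._drain()

    def _drain(self) -> None:
        while self.queue:
            command, origin = self.queue.popleft()
            state = "tls" if self.tls_active else "plain"
            self.processed.append(Processed(command, origin, state))
            if command.upper() == "STARTTLS" and not self.tls_active:
                if self.flush_on_starttls:
                    # The fix: anything read before the handshake is dropped.
                    self.discarded.extend(c for c, _ in self.queue)
                    self.queue.clear()
                self.tls_active = True


def smuggled_commands(session: ToySmtpSession) -> list:
    """Commands that arrived in plaintext but were executed as if TLS-protected."""
    return [p.command for p in session.processed
            if p.arrived_over == "plain" and p.treated_as == "tls"]


def run_session(flush_on_starttls: bool) -> ToySmtpSession:
    """Replay a constructed exchange against the vulnerable or the fixed loop."""
    session = ToySmtpSession(flush_on_starttls=flush_on_starttls)
    # Constructed sample: one plaintext read carrying STARTTLS plus a trailing
    # command appended before the handshake (a harmless NOOP here).
    session.receive(b"STARTTLS\r\nNOOP\r\n", channel="plain")
    # The genuine client continues inside the TLS session.
    session.receive(b"EHLO client.example\r\n", channel="tls")
    return session


if __name__ == "__main__":
    for flush in (False, True):
        s = run_session(flush)
        print("flush_on_starttls =", flush,
              "| smuggled:", smuggled_commands(s),
              "| discarded:", s.discarded)
```

The `smuggled_commands` check doubles as a regression test for any line-buffered protocol that upgrades to TLS in-band: the list must be empty after the upgrade.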

New in Apple Security Update Server 2011-004 (Jun 24, 2011)

  • Recommended for all servers and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

New in Apple Security Update Server 2011-002 (Apr 15, 2011)

  • Certificate Trust Policy:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Server v10.6.7
  • Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
  • Description: Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.

New in Apple Security Update Server 2011-001 (Mar 21, 2011)

  • AirPort:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
  • Description: A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2011-0172
  • Apache:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Multiple vulnerabilities in Apache 2.2.15
  • Description: Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/
  • CVE-ID
  • CVE-2010-1452
  • CVE-2010-2068
  • AppleScript:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution
  • Description: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0173 : Alexander Strange
  • ATS:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CVE-ID
  • CVE-2011-0174
  • ATS:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CVE-ID
  • CVE-2011-0175 : Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, Tavis Ormandy and Will Drewry of Google Security Team
  • ATS:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: Multiple buffer overflow issues existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CVE-ID
  • CVE-2011-0176 : Felix Grobert of the Google Security Team, geekable working with TippingPoint's Zero Day Initiative
  • ATS:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: Multiple buffer overflow issues existed in the handling of SFNT tables. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CVE-ID
  • CVE-2011-0177 : Marc Schoenefeld of Red Hat Security Response Team
  • bzip2:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution
  • Description: An integer overflow issue existed in bzip2's handling of bzip2 compressed files. Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2010-0405
  • CarbonCore:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Applications that use FSFindFolder() with the kTemporaryFolderType flag may be vulnerable to a local information disclosure
  • Description: When used with the kTemporaryFolderType flag, the FSFindFolder() API returns a directory that is world readable. This issue is addressed by returning a directory that is only readable by the user that the process is running as.
  • CVE-ID
  • CVE-2011-0178
  • ClamAV:
  • Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.6
  • Impact: Multiple vulnerabilities in ClamAV
  • Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/
  • CVE-ID
  • CVE-2010-0405
  • CVE-2010-3434
  • CVE-2010-4260
  • CVE-2010-4261
  • CVE-2010-4479
  • CoreText:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
  • CVE-ID
  • CVE-2011-0179 : Christoph Diehl of Mozilla
  • File Quarantine:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Definition added
  • Description: The OSX.OpinionSpy definition has been added to the malware check within File Quarantine.
  • HFS:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem
  • Description: An integer overflow issue existed in the handling of the F_READBOOTSTRAP ioctl. A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem.
  • CVE-ID
  • CVE-2011-0180 : Dan Rosenberg of Virtual Security Research
  • ImageIO:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP
  • ImageIO:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution
  • Description: An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0181 : Harry Sintonen
  • ImageIO:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0191 : Apple
  • ImageIO:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0192 : Apple
  • ImageIO:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted JPEG-encoded TIFF image may result in an unexpected application termination or arbitrary code execution
  • Description: An integer overflow issue existed in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2011-0194 : Dominic Chell of NGS Secure
  • Image RAW:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution
  • Description: Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0193 : Paul Harrington of NGS Secure
  • Installer:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Visiting a maliciously crafted website may lead to the installation of an agent that contacts an arbitrary server when the user logs in, and mislead the user into thinking that the connection is with Apple
  • Description: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple. This issue is addressed by removing Install Helper.
  • CVE-ID
  • CVE-2011-0190 : Aaron Sigel of vtty.com
  • Kerberos:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Multiple vulnerabilities in MIT Kerberos 5
  • Description: Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/
  • CVE-ID
  • CVE-2010-1323
  • CVE-2010-1324
  • CVE-2010-4020
  • CVE-2010-4021
  • Kernel:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: A local user may be able to execute arbitrary code with system privileges
  • Description: A privilege checking issue existed in the i386_set_ldt system call's handling of call gates. A local user may be able to execute arbitrary code with system privileges. This issue is addressed by disallowing creation of call gate entries via i386_set_ldt().
  • CVE-ID
  • CVE-2011-0182 : Jeff Mears
  • Libinfo:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: A remote attacker may be able to cause a denial of service on hosts that export NFS file systems
  • Description: An integer truncation issue existed in Libinfo's handling of NFS RPC packets. A remote attacker may be able to cause NFS RPC services such as lockd, statd, mountd, and portmap to become unresponsive.
  • CVE-ID
  • CVE-2011-0183 : Peter Schwenk of the University of Delaware
  • libxml:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in libxml's XPath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)
  • libxml:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A double free issue existed in libxml's handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences
  • Mailman:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Multiple vulnerabilities in Mailman 2.1.13
  • Description: Multiple cross-site scripting issues existed in Mailman 2.1.13. These issues are addressed by updating Mailman to version 2.1.14. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2010-September/000154.html
  • CVE-ID
  • CVE-2010-3089
  • PHP:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Multiple vulnerabilities in PHP 5.3.3
  • Description: PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
  • CVE-ID
  • CVE-2006-7243
  • CVE-2010-2950
  • CVE-2010-3709
  • CVE-2010-3710
  • CVE-2010-3870
  • CVE-2010-4150
  • CVE-2010-4409
  • PHP:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
  • Impact: Multiple vulnerabilities in PHP 5.2.14
  • Description: PHP is updated to version 5.2.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
  • CVE-ID
  • CVE-2010-3436
  • CVE-2010-3709
  • CVE-2010-4150
  • QuickLook:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2011-0184 : Tobias Klein working with Verisign iDefense Labs
  • QuickLook:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-1417 : Charlie Miller and Dion Blazakis, working with TippingPoint's Zero Day Initiative
  • QuickTime:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID
  • CVE-2011-0186 : Will Dormann of the CERT/CC
  • QuickTime:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
  • CVE-ID
  • CVE-2010-4009 : Honggang Ren of Fortinet's FortiGuard Labs
  • QuickTime:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
  • CVE-ID
  • CVE-2010-3801 : Damian Put working with TippingPoint's Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team
  • QuickTime:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site
  • Description: A cross-origin issue existed in QuickTime plug-in's handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects.
  • CVE-ID
  • CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
  • QuickTime:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.
  • CVE-ID
  • CVE-2010-3802 : an anonymous researcher working with TippingPoint's Zero Day Initiative
  • Ruby:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer truncation issue existed in Ruby's BigDecimal class. Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution. This issue only affects 64-bit Ruby processes.
  • CVE-ID
  • CVE-2011-0188 : Apple
  • Samba:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution
  • Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.
  • CVE-ID
  • CVE-2010-3069
  • Subversion:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository
  • Description: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository. This issue is addressed by updating Subversion to version 1.6.13. This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2010-3315
  • Terminal:
  • Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version
  • Description: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version. This issue is addressed by changing the default protocol version to "Automatic". This issue does not affect systems prior to Mac OS X v10.6.
  • CVE-ID
  • CVE-2011-0189 : Matt Warren of HNW Inc.
  • X11:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6
  • Impact: Multiple vulnerabilities in FreeType
  • Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/

New in Apple Security Update Server 2010-007 (Nov 11, 2010)

  • AFP Server:
  • CVE-ID: CVE-2010-1828
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may cause AFP Server to shut down unexpectedly
  • Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to shut down unexpectedly. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.
  • AFP Server:
  • CVE-ID: CVE-2010-1829
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: An authenticated user may cause arbitrary code execution
  • Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.
  • AFP Server:
  • CVE-ID: CVE-2010-1830
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may determine the existence of an AFP share
  • Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.
  • Apache mod_perl:
  • CVE-ID: CVE-2009-0796
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may cause cross-site scripting against the web server
  • Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.
  • Apache:
  • CVE-ID: CVE-2010-0408, CVE-2010-0434
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in Apache 2.2.14
  • Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/
  • AppKit:
  • CVE-ID: CVE-2010-1842
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.
  • ATS:
  • CVE-ID: CVE-2010-1831
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.
  • ATS:
  • CVE-ID: CVE-2010-1832
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.
  • ATS:
  • CVE-ID: CVE-2010-1833
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.
  • ATS:
  • CVE-ID: CVE-2010-1797
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution
  • Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.
  • CFNetwork:
  • CVE-ID: CVE-2010-1752
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.
  • CFNetwork:
  • CVE-ID: CVE-2010-1834
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites
  • Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue through improved validation of domains specified in cookies.
  • CoreGraphics:
  • CVE-ID: CVE-2010-1836
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.
  • CoreText:
  • CVE-ID: CVE-2010-1837
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.
  • CUPS:
  • CVE-ID: CVE-2010-2941
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.
  • Directory Services:
  • CVE-ID: CVE-2010-1838
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A local attacker may bypass the password validation and log in to a mobile account
  • Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.
  • Directory Services:
  • CVE-ID: CVE-2010-1840
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution
  • Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.
  • diskdev_cmds:
  • CVE-ID: CVE-2010-0105
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A local user may be able to prevent the system from starting properly
  • Description: An implementation issue exists in fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.
  • Disk Images:
  • CVE-ID: CVE-2010-1841
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.
  • Flash Player plug-in:
  • CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
  • Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/
  • gzip:
  • CVE-ID: CVE-2010-0001
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.
  • gzip:
  • CVE-ID: CVE-2009-2624
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
  • Image Capture:
  • CVE-ID: CVE-2010-1844
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown
  • Description: An unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.
  • ImageIO:
  • CVE-ID: CVE-2010-1845
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.
  • ImageIO:
  • CVE-ID: CVE-2010-1811
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.
  • ImageIO:
  • CVE-ID: CVE-2010-2249, CVE-2010-1205
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in libpng
  • Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
  • Image RAW:
  • CVE-ID: CVE-2010-1846
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.
  • Kernel:
  • CVE-ID: CVE-2010-1847
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A local user may cause an unexpected system shutdown
  • Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.
  • MySQL:
  • CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
  • Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in MySQL 5.0.88
  • Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
  • neon:
  • CVE-ID: CVE-2009-2473, CVE-2009-2474
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in neon 0.28.3
  • Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/
  • Networking:
  • CVE-ID: CVE-2010-1843
  • Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4
  • Impact: A remote attacker may cause an unexpected system shutdown
  • Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • OpenLDAP:
  • CVE-ID: CVE-2010-0211
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may cause a denial of service or arbitrary code execution
  • Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.
  • OpenLDAP:
  • CVE-ID: CVE-2010-0212
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may cause a denial of service
  • Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.
  • OpenSSL:
  • CVE-ID: CVE-2010-1378
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote user may bypass TLS authentication or spoof a trusted server
  • Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.
  • Password Server:
  • CVE-ID: CVE-2010-3783
  • Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may be able to log in with an outdated password
  • Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.
  • PHP:
  • CVE-ID: CVE-2010-0397, CVE-2010-2531
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in PHP 5.3.2
  • Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
  • PHP:
  • CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
  • Impact: Multiple vulnerabilities in PHP 5.2.12
  • Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
  • Printing:
  • CVE-ID: CVE-2010-3784
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination
  • Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.
  • python:
  • CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.
  • Description: Multiple integer overflows exist in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.
  • QuickLook:
  • CVE-ID: CVE-2010-3785
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
  • QuickLook:
  • CVE-ID: CVE-2010-3786
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs, for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3787
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3788
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative, for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3789
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put, working with TippingPoint's Zero Day Initiative, for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3790
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3791
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3792
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3793
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3794
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • QuickTime:
  • CVE-ID: CVE-2010-3795
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • Safari RSS:
  • CVE-ID: CVE-2010-3796
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information
  • Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.
  • Time Machine:
  • CVE-ID: CVE-2010-1803
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: A remote attacker may access a user's Time Machine information
  • Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems.
  • Wiki Server:
  • CVE-ID: CVE-2010-3797
  • Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4
  • Impact: A user who can edit wiki pages may obtain the credentials of other users
  • Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.
  • X11:
  • CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in libpng version 1.2.41
  • Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
  • X11:
  • CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Multiple vulnerabilities in FreeType 2.3.9
  • Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/
  • xar:
  • CVE-ID: CVE-2010-3798
  • Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
  • Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.

New in Apple Security Update Server 2010-005 (Aug 25, 2010)

  • ATS:
  • CVE-ID: CVE-2010-1808
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

  • Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.
  • CFNetwork:

  • CVE-ID: CVE-2010-1800

  • Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

  • Description: CFNetwork permits anonymous TLS/SSL connections. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue does not affect the Mail application. This issue is addressed by disabling anonymous TLS/SSL connections. This issue does not affect systems prior to Mac OS X v10.6.3. Credit to Aaron Sigel of vtty.com, Jean-Luc Giraud of Citrix, Tomas Bjurman of Sirius IT, and Wan-Teh Chang of Google, Inc. for reporting this issue.
  • ClamAV:

  • CVE-ID: CVE-2010-0098, CVE-2010-1311

  • Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.4

  • Impact: Multiple vulnerabilities in ClamAV

  • Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.1. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/
  • CoreGraphics:

  • CVE-ID: CVE-2010-1801

  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

  • Description: A heap buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) for reporting this issue.
  • libsecurity:

  • CVE-ID: CVE-2010-1802

  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: An attacker in a privileged network position who can obtain a domain name that differs only in the last characters from the name of a legitimate domain may impersonate hosts in that domain

  • Description: An issue exists in the handling of certificate host names. For host names containing three or more components, the last characters are not properly compared. In the case of a name containing exactly three components, only the last character is not checked. For example, if an attacker in a privileged network position could obtain a certificate for www.example.con the attacker can impersonate www.example.com. This issue is addressed through improved handling of certificate host names. Credit to Peter Speck for reporting this issue.
  • PHP:

  • CVE-ID: CVE-2010-1205

  • Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution

  • Description: A buffer overflow exists in PHP's libpng library. Loading a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by updating libpng within PHP to version 1.4.3. This issue does not affect systems prior to Mac OS X v10.6.
  • PHP:

  • CVE-ID: CVE-2010-1129, CVE-2010-0397, CVE-2010-2225, CVE-2010-2531, CVE-2010-2484

  • Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: Multiple vulnerabilities in PHP 5.3.1

  • Description: PHP is updated to version 5.3.2 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
  • Samba:

  • CVE-ID: CVE-2010-2063

  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4

  • Impact: An unauthenticated remote attacker may cause a denial of service or arbitrary code execution

  • Description: A buffer overflow exists in Samba. An unauthenticated remote attacker may cause a denial of service or arbitrary code execution by sending a maliciously crafted packet. This issue is addressed by performing additional validation of packets in Samba.
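
The libsecurity entry above (CVE-2010-1802) describes a certificate host name comparison that leaves the last characters unchecked. The Python sketch below is an added example, not Apple's code: truncated_match is a constructed model of that class of flaw (skipping "components minus two" characters is an assumption chosen to fit the advisory's three-component case), strict_match compares every label in full, and wrongly_accepted is a regression check that feeds near-miss names to either matcher.

```python
"""Added example: regression check for certificate host name comparison.

All function names here are hypothetical; the flawed matcher is a constructed
model of the behaviour the advisory describes, not the libsecurity source.
"""


def _normalize(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if any(label == "" for label in labels):
        raise ValueError("empty label in host name: %r" % name)
    return labels


def truncated_match(cert_name, host):
    """Constructed model of the flaw: the tail of the name is never compared.

    Assumption: (number of components - 2) trailing characters are skipped,
    which reproduces the advisory's statement that a three-component name
    has only its last character unchecked.
    """
    host_labels = _normalize(host)
    cert = ".".join(_normalize(cert_name))
    want = ".".join(host_labels)
    if len(cert) != len(want):
        return False
    skipped = max(len(host_labels) - 2, 0)
    checked = len(want) - skipped
    return cert[:checked] == want[:checked]


def strict_match(cert_name, host):
    """Full comparison: same number of labels and every label identical."""
    return _normalize(cert_name) == _normalize(host)


def near_misses(host, max_tail=3):
    """Build names that differ from host only in the last 1..max_tail characters.

    Changes are confined to the final label so the component count is unchanged.
    """
    labels = _normalize(host)
    name = ".".join(labels)
    variants = []
    for k in range(1, min(max_tail, len(labels[-1])) + 1):
        tail = "".join("y" if c == "x" else "x" for c in name[-k:])
        variants.append(name[:-k] + tail)
    return variants


def wrongly_accepted(matcher, host, max_tail=3):
    """Return the near-miss names that matcher treats as equal to host."""
    return [n for n in near_misses(host, max_tail) if matcher(n, host)]


if __name__ == "__main__":
    # Constructed sample hosts; www.example.com is the advisory's own example.
    for host in ("example.com", "www.example.com", "a.b.example.com"):
        print(host)
        print("  modelled flaw accepts:", wrongly_accepted(truncated_match, host))
        print("  strict match accepts: ", wrongly_accepted(strict_match, host))
```

Any matcher that returns a non-empty list from wrongly_accepted is comparing less than the full name and should fail the build.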

New in Apple Security Update Server 2010-004 (Jun 16, 2010)

  • Security Update 2010-004 is recommended for all servers and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

New in Apple Security Update Server 2010-003 (Apr 14, 2010)

  • Recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

New in Apple Security Update Server 2009-006 (Nov 10, 2009)

  • AFP Client:
  • Impact: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
  • Description: Multiple memory corruption issues exist in AFP Client. Connecting to a malicious AFP Server may cause an unexpected system termination or arbitrary code execution with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
  • Adaptive Firewall:
  • Impact: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
  • Description: Adaptive Firewall responds to suspicious activity, such as an unusual volume of access attempts, by creating a temporary rule to restrict access. In certain circumstances, Adaptive Firewall may not detect SSH login attempts using invalid user names. This update addresses the issue through improved detection of invalid SSH login attempts. This issue only affects Mac OS X Server systems. Credit: Apple.
  • Apache:
  • Impact: Multiple vulnerabilities in Apache 2.2.11
  • Description: Apache is updated to version 2.2.13 to address several vulnerabilities, the most serious of which may lead to privilege escalation. Further information is available via the Apache web site at http://httpd.apache.org/
  • Impact: A remote attacker can conduct cross-site scripting attacks against Apache web server
  • Description: The Apache web server allows the TRACE HTTP method. A remote attacker may use this facility to conduct cross-site scripting attacks through certain web client software. This issue is addressed by updating the configuration to disable support for the TRACE method.
  • Apache Portable Runtime:
  • Impact: Applications using Apache Portable Runtime (apr) may be exploited for code execution
  • Description: Multiple integer overflows in Apache Portable Runtime (apr) may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by updating Apache Portable Runtime to version 1.3.8 on Mac OS X v10.6 systems, and by applying the Apache Portable Runtime patches on Mac OS X v10.5.8 systems. Systems running Mac OS X v10.6 are affected only by CVE-2009-2412. Further information is available via the Apache Portable Runtime web site at http://apr.apache.org/
  • ATS:
  • Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
  • Description: Multiple buffer overflows exist in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
  • Certificate Assistant:
  • Impact: A user may be misled into accepting a certificate for a different domain
  • Description: An implementation issue exists in the handling of SSL certificates which have NUL characters in the Common Name field. A user could be misled into accepting an attacker-crafted certificate that visually appears to match the domain visited by the user. This issue is mitigated as Mac OS X does not consider such a certificate to be valid for any domain. This update addresses the issue through improved handling of SSL certificates.
  • CoreGraphics:
  • Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple integer overflows in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. These issues do not affect Mac OS X v10.6 systems. Credit: Apple.
  • CoreMedia:
  • Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tom Ferris of the Adobe Secure Software Engineering Team for reporting this issue.
  • Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.
  • CUPS:
  • Impact: Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
  • Description: An issue in CUPS may lead to cross-site scripting and HTTP response splitting. Accessing a maliciously crafted web page or URL may allow an attacker to access content available to the current local user via the CUPS web interface. This could include print system configuration and the titles of jobs that have been printed. This issue is addressed through improved handling of HTTP headers and HTML templates. Credit: Apple.
  • Dictionary:
  • Impact: A user on the local network may be able to cause arbitrary code execution
  • Description: A design issue in Dictionary allows maliciously crafted JavaScript to write arbitrary data to arbitrary locations on the user's filesystem. This may allow another user on the local network to execute arbitrary code on the user's system. This update addresses the issue by removing the vulnerable code. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • DirectoryService:
  • Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in DirectoryService. This may allow a remote attacker to cause an unexpected application termination or arbitrary code execution. This update only affects systems configured as DirectoryService servers. This update addresses the issue through improved memory handling. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Disk Images:
  • Impact: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in the handling of disk images containing FAT filesystems. Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Dovecot:
  • Impact: A local user may cause an unexpected application termination or arbitrary code execution with system privilege
  • Description: Multiple buffer overflows exist in dovecot-sieve. By implementing a maliciously crafted dovecot-sieve script, a local user may cause an unexpected application termination or arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of dovecot-sieve scripts. This issue affects Mac OS X Server systems only. This issue does not affect systems prior to Mac OS X v10.6.
  • Event Monitor:
  • Impact: A remote attacker may cause log injection
  • Description: A log injection issue exists in Event Monitor. By connecting to the SSH server with maliciously crafted authentication information, a remote attacker may cause log injection. This may lead to a denial of service as log data is processed by other services. This update addresses the issue through improved escaping of XML output. This issue affects Mac OS X Server systems only. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • fetchmail:
  • Impact: fetchmail is updated to 6.3.11
  • Description: fetchmail has been updated to 6.3.11 to address a man-in-the-middle issue. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
  • file:
  • Impact: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple buffer overflow vulnerabilities exist in the file command line tool. Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by updating file to version 5.03. These issues do not affect systems prior to Mac OS X v10.6.
  • FTP Server:
  • Impact: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in FTP Server's CWD command line tool. Issuing the CWD command on a deeply nested directory hierarchy may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue affects Mac OS X Server systems only. Credit: Apple.
  • Help Viewer:
  • Impact: Using Help Viewer on an untrusted network may result in arbitrary code execution
  • Description: Help Viewer does not use HTTPS for viewing remote Apple Help content. A user on the local network may send spoofed HTTP responses containing malicious help:runscript links. This update addresses the issue by using HTTPS when requesting remote Apple Help content. Credit to Brian Mastenbrook for reporting this issue.
  • ImageIO:
  • Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • International Components for Unicode:
  • Impact: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in the UCCompareTextDefault API, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved memory management. This issue does not affect Mac OS X v10.6 systems. Credit to Nikita Zhuk and Petteri Kamppuri of MK&C for reporting this issue.
  • IOKit:
  • Impact: A non-privileged user may be able to modify the keyboard firmware
  • Description: A non-privileged user may alter the firmware in an attached USB or Bluetooth Apple keyboard. This update addresses the issue by requiring system privileges to send firmware to USB or Bluetooth Apple keyboards. Credit to K. Chen of Georgia Institute of Technology for reporting this issue.
  • IPSec:
  • Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
  • Description: Multiple vulnerabilities in the racoon daemon's ipsec-tools before 0.7.2 may lead to a denial of service. This update addresses the issues by applying patches from the IPsec-Tools project. Further information is available via the IPsec-Tools web site at http://ipsec-tools.sourceforge.net/
  • Kernel:
  • Impact: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
  • Description: Multiple input validation issues exist in Kernel's handling of task state segments. These may allow a local user to cause information disclosure, an unexpected system shutdown, or arbitrary code execution. This update addresses the issues through improved input validation. Credit to Regis Duchesne of VMware, Inc. for reporting this issue.
  • Launch Services:
  • Impact: Attempting to open unsafe downloaded content may not lead to a warning
  • Description: When Launch Services is called to open a quarantined folder, it will recursively clear quarantine information from all files contained within the folder. The quarantine information that is cleared is used to trigger a user warning prior to opening the item. This would allow the user to launch a potentially unsafe item, such as an application, without being presented with the appropriate warning dialog. This update addresses the issue by not clearing this quarantine information from the folder's content. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.
  • libsecurity:
  • Impact: Support for X.509 certificates with MD2 hashes may expose users to spoofing and information disclosure as attacks improve
  • Description: There are known cryptographic weaknesses in the MD2 hash algorithm. Further research could allow the creation of X.509 certificates with attacker controlled values that are trusted by the system. This could expose X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. While it is not yet considered computationally feasible to mount an attack using these weaknesses, this update disables support for an X.509 certificate with an MD2 hash for any use other than as a trusted root certificate. This is a proactive change to protect users in advance of improved attacks against the MD2 hash algorithm. Credit to Dan Kaminsky of IOACTIVE and Microsoft Vulnerability Research (MSVR) for reporting this issue.
  • libxml:
  • Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination
  • Description: Multiple use-after-free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. This update addresses the issues through improved memory handling. Credit to Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for reporting these issues.
  • Login Window:
  • Impact: A user may log in to any account without supplying a password
  • Description: A race condition exists in Login Window. If an account on the system has no password, such as the Guest account, a user may log in to any account without supplying a password. This update addresses the issue through improved access checks. This issue does not affect systems prior to Mac OS X v10.6.
  • OpenLDAP:
  • Impact: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used
  • Description: An implementation issue exists in OpenLDAP's handling of SSL certificates which have NUL characters in the Common Name field. Using a maliciously crafted SSL certificate, an attacker may be able to perform a man-in-the-middle attack on OpenLDAP transactions which use SSL. This update addresses the issue through improved handling of SSL certificates.
  • Impact: Multiple vulnerabilities in OpenLDAP
  • Description: Multiple vulnerabilities exist in OpenLDAP, the most serious of which may lead to a denial of service or arbitrary code execution. This update addresses the issues by applying the OpenLDAP patches for the referenced CVE IDs. Further information is available via the OpenLDAP web site at http://www.openldap.org/. These issues do not affect Mac OS X v10.6 systems.
  • OpenSSH:
  • Impact: Data in an OpenSSH session may be disclosed
  • Description: An error handling issue exists in OpenSSH, which may lead to the disclosure of certain data in an SSH session. This update addresses the issue by updating OpenSSH to version 5.2p1. Further information is available via the OpenSSH web site at http://www.openssh.com/txt/release-5.2 This issue does not affect Mac OS X v10.6 systems.
  • PHP:
  • Impact: Multiple vulnerabilities in PHP 5.2.10
  • Description: PHP is updated to version 5.2.11 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues do not affect Mac OS X v10.6 systems.
  • QuickDraw Manager:
  • Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in QuickDraw's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
  • QuickLook:
  • Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow in QuickLook's handling of Microsoft Office files may lead to a buffer overflow. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • QuickTime:
  • Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Tom Ferris of the Adobe Secure Software Engineering Team for reporting this issue.
  • Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in the handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting this issue.
  • Impact: Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in QuickTime's handling of MPEG-4 video files. Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Alex Selivanov for reporting this issue.
  • Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in QuickTime's handling of FlashPix files. Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is already addressed in QuickTime 7.6.4 for both Mac OS X v10.5.8 and Windows. Credit to Damian Put working with TippingPoint and the Zero Day Initiative for reporting this issue.
  • FreeRADIUS:
  • Impact: A remote attacker may terminate the operation of the RADIUS service
  • Description: An issue exists in FreeRADIUS in the handling of Access-Request messages. A remote attacker may cause the RADIUS service to terminate by sending an Access-Request message containing a Tunnel-Password attribute with a zero-length attribute value. After any unexpected termination, the RADIUS service will be automatically restarted. This update addresses the issue through improved validation of zero-length attributes. This issue does not affect Mac OS X v10.6 systems.
  • Screen Sharing:
  • Impact: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues exist in the Screen Sharing client. Accessing a malicious VNC server, such as by opening a vnc:// URL, may cause an unexpected application termination or arbitrary code execution. This update addresses the issues through improved memory handling. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Spotlight:
  • Impact: A local user may manipulate files with the privileges of another user
  • Description: An insecure file operation exists in Spotlight's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user. This update addresses the issue through improved handling of temporary files. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Subversion:
  • Impact: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple heap buffer overflows in Subversion may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues by updating Subversion to version 1.6.5 for Mac OS X v10.6 systems, and by applying the Subversion patches for Mac OS X v10.5.8 systems. Further information is available via the Subversion web site at http://subversion.tigris.org/
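
The Certificate Assistant and OpenLDAP entries above both concern SSL certificates with NUL characters in the Common Name field. The following is an added example, not Apple's or OpenLDAP's code: it contrasts a matcher that reads the name as a C string with one that uses the decoded length and treats an embedded NUL as valid for no domain. The struct, function names and sample names are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as an ASN.1 decoder yields it: bytes plus an explicit
 * length. The samples below are string literals, so data is also
 * NUL-terminated, which keeps the flawed matcher memory-safe here. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: 15 bytes, one NUL, then 17 attacker-chosen bytes. */
static const unsigned char CRAFTED_CN[] = "www.example.com\0.attacker.invalid";
static const unsigned char BENIGN_CN[]  = "www.example.com";

static const struct cert_name crafted_cn = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };
static const struct cert_name benign_cn  = { BENIGN_CN,  sizeof BENIGN_CN - 1 };

/* ASCII case-insensitive comparison over explicit lengths. */
static int ascii_ieq(const unsigned char *a, size_t alen,
                     const char *b, size_t blen)
{
    size_t i;

    if (alen != blen)
        return 0;
    for (i = 0; i < alen; i++) {
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* Flawed pattern: the length comes from strlen(), so everything after the
 * first NUL in the certificate name is silently ignored. */
int naive_name_matches(const struct cert_name *cn, const char *host)
{
    size_t seen = strlen((const char *)cn->data);

    return ascii_ieq(cn->data, seen, host, strlen(host));
}

/* Hardened pattern: use the decoded length and reject any name that
 * contains a NUL byte, so such a certificate matches no host at all. */
int strict_name_matches(const struct cert_name *cn, const char *host)
{
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return ascii_ieq(cn->data, cn->len, host, strlen(host));
}

int main(void)
{
    const char *host = "www.example.com";

    printf("crafted name, naive matcher:  %d\n",
           naive_name_matches(&crafted_cn, host));
    printf("crafted name, strict matcher: %d\n",
           strict_name_matches(&crafted_cn, host));
    printf("benign name, strict matcher:  %d\n",
           strict_name_matches(&benign_cn, host));
    return 0;
}
```

The same length-aware check applies to any code that displays a certificate name to a user, since a name printed as a C string is cut at the same point.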

New in Apple Security Update Server 2009-005 (Sep 11, 2009)

  • Alias Manager - A buffer overflow exists in the handling of alias files. Opening a maliciously crafted alias file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • CarbonCore - Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. Description: A memory corruption issue exists in the Resource Manager's handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • ClamAV - Multiple vulnerabilities exist in ClamAV 0.94.2, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.95.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/ These issues do not affect Mac OS X v10.6 systems.
  • ColorSync - An integer overflow exists in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ColorSync profiles. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • CoreGraphics - An integer overflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Dormann of CERT/CC for reporting this issue. This issue does not affect Mac OS X v10.6 systems.
  • CoreGraphics - A heap buffer overflow exists in the drawing of long text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit to Will Drewry of Google Inc. for reporting this issue.
  • CUPS - A null pointer dereference exists in CUPS. By repeatedly sending maliciously crafted scheduler requests, a remote attacker may be able to deny access to the Printer Sharing service. This update addresses the issue through improved validation of scheduler requests. This issue does not affect Mac OS X v10.6 systems. Credit to Anibal Sacco of the CORE IMPACT Exploit Writing Team (EWT) at Core Security Technologies for reporting this issue.
  • CUPS - A heap buffer overflow exists in the CUPS USB backend. This may allow a local user to obtain system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems.
  • Flash Player plug-in - Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS X v10.5.8 to version 10.0.32.18, and to version 9.0.246.0 on Mac OS X v10.4.11 systems. For Mac OS X v10.6 systems, these issues are addressed in Mac OS X v10.6.1. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-10.html
  • ImageIO - Multiple memory corruption issues exist in ImageIO's handling of PixarFilm encoded TIFF images. Viewing a maliciously crafted PixarFilm encoded TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of PixarFilm encoded TIFF images. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Launch Services - This update adds '.fileloc' to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from an e-mail. While these content types are not automatically opened, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling '.fileloc' files. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
  • Launch Services - When an application is downloaded, Launch Services analyzes its exported document types. A design issue in the handling of the exported document types may cause Launch Services to associate a safe file extension with an unsafe Uniform Type Identifier (UTI). Visiting a malicious website may cause an unsafe file type to be opened automatically. This update addresses the issue through improved handling of exported document types from untrusted applications. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit: Apple.
  • MySQL - MySQL is updated to version 5.0.82 to address an implementation issue that allows a local user to obtain elevated privileges. This issue only affects Mac OS X Server systems. This issue does not affect Mac OS X v10.6 systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-82.html
  • PHP - PHP is updated to version 5.2.10 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues do not affect Mac OS X v10.6 systems.
  • SMB - An unchecked error condition exists in Samba. A user who does not have a configured home directory, and connects to the Windows File Sharing service, will be able to access the contents of the file system, subject to local file system permissions. This update addresses the issue by improving the handling of path resolution errors. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit to J. David Hester of LCG Systems National Institutes of Health for reporting this issue.
  • Wiki Server - A cross site scripting issue exists in the Wiki Server's handling of search requests containing non-UTF-8 encoded data. This may allow a remote attacker to access a Wiki server with the credentials of the Wiki Server user performing the search. This update addresses the issue by setting UTF-8 as the default character set in HTTP responses. This issue does not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6 systems. Credit: Apple.

New in Apple Security Update Server 2009-004 (Aug 13, 2009)

  • Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate.
  • A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.