Aktuálně - nový Security Update - MujMAC.cz - Apple, Mac OS X, Apple iPod

Odběr fotomagazínu

Fotografický magazín "iZIN IDIF" každý týden ve Vašem e-mailu.
Co nového ve světě fotografie!

 

Zadejte Vaši e-mailovou adresu:

Kamarád fotí rád?

Přihlas ho k odběru fotomagazínu!

 

Zadejte e-mailovou adresu kamaráda:

Seriály

Více seriálů



Novinky

Aktuálně - nový Security Update

5. října 2004, 00.00 | Na stránkách apple.com se objevil nový bezpečností update. Označení má Security Update 2004-09-30 (released 2004-10-04) a opravuje tyto komponenty: AFP Server, CUPS, Netinfo Manager, postfix a QuickTime.

Na stránkách apple.com se objevil nový bezpečností update. Označení má Security Update 2004-09-30 (released 2004-10-04) a opravuje tyto komponenty: AFP Server, CUPS, Netinfo Manager, postfix a QuickTime.

Security Update 2004-09-30 (released 2004-10-04)

  • AFP Server
    Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
    CVE-ID: CAN-2004-0921
    Impact: A denial of service permitting a guest to disconnect AFP volumes
    Description: An AFP volume mounted by a guest could be used to terminate authenticated user mounts from the same server by modifying SessionDestroy packets. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

  • AFP Server
    Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
    CVE-ID: CAN-2004-0922
    Impact: Write-only AFP Drop Box may be set as read-write
    Description: A write-only Drop Box on an AFP volume mounted by a guest could sometimes be read-write due to an incorrect setting of the guest group id. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

  • CUPS
    Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
    CVE-ID: CAN-2004-0558
    Impact: A denial of service causing the printing system to hang
    Description: The Internet Printing Protocol (IPP) implementation in CUPS can hang when a certain UDP packet is sent to the IPP port.

  • CUPS
    Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
    CVE-ID: CAN-2004-0923
    Impact: Local disclosure of user passwords
    Description: Certain methods of authenticated remote printing could disclose user passwords in the printing system log files. Credit to Gary Smith of the IT Services department at Glasgow Caledonian University for reporting this issue.

  • NetInfoManager
    Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
    CVE-ID: CAN-2004-0924
    Impact: Incorrect indication of account status
    Description: The NetInfo Manager utility can enable the "root" account, but after a single "root" login it is no longer possible to use NetInfo Manager to disable the account and it incorrectly appears to be disabled. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

  • postfix
    Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
    CVE-ID: CAN-2004-0925
    Impact: A denial of service when SMTPD AUTH has been enabled
    Description: When SMTPD AUTH has been enabled in postfix, a buffer containing the username is not correctly cleared between authentication attempts. Only users with the longest usernames will be able to authenticate. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3. Credit to Michael Rondinelli of EyeSee360 for reporting this issue.

  • QuickTime
    Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
    CVE-ID: CAN-2004-0926
    Impact: A heap buffer overflow could allow attackers to execute arbitrary code
    Description: Flaws in decoding the BMP image type could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image.

  • ServerAdmin
    Available for: Mac OS X Server v10.3.5 and Mac OS X Server v10.2.8
    CVE-ID: CAN-2004-0927
    Impact: Client - Server communication with ServerAdmin can be read by decoding captured sessions
    Description: Client - Server communication with ServerAdmin uses SSL. All systems come installed with the same example self signed certificate. If that certificate has not been replaced, then ServerAdmin communication may be decrypted. The fix replaces the existing self-signed certificate with one that has been locally and uniquely generated.

Tématické zařazení:

 » Rubriky  » Novinky  

 

 

 

Nejčtenější články
Nejlépe hodnocené články
Apple kurzy

 

Přihlášení k mému účtu

Uživatelské jméno:

Heslo: