===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0052
              APPLE-SA-2010-01-19-1 Security Update 2010-001
                              20 January 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CoreAudio
                   CUPS
                   Flash Player plug-in
                   ImageIO
                   Image RAW
                   OpenSSL
Publisher:         Apple
Operating System:  Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-0037 CVE-2010-0036 CVE-2009-3951 CVE-2009-3800
                   CVE-2009-3799 CVE-2009-3798 CVE-2009-3797 CVE-2009-3796
                   CVE-2009-3794 CVE-2009-3555 CVE-2009-3553 CVE-2009-2285
Reference:         ASB-2009.1155 ASB-2009.1125 ESB-2009.1029

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2010-01-19-1 Security Update 2010-001

Security Update 2010-001 is now available and addresses the following:

CoreAudio
CVE-ID:  CVE-2010-0036
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2, Mac OS X Server v10.6.2
Impact:  Playing a maliciously crafted mp4 audio file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in the handling of mp4 audio
files. Playing a maliciously crafted mp4 audio file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Tobias
Klein of trapkit.de for reporting this issue.
CUPS
CVE-ID:  CVE-2009-3553
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2, Mac OS X Server v10.6.2
Impact:  A remote attacker may cause an unexpected application
termination of cupsd
Description:  A use-after-free issue exists in cupsd. By issuing a
maliciously crafted get-printer-jobs request, an attacker may cause a
remote denial of service. This is mitigated through the automatic
restart of cupsd after its termination. This issue is addressed
through improved connection use tracking.

Flash Player plug-in
CVE-ID:  CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798,
CVE-2009-3799, CVE-2009-3800, CVE-2009-3951
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2, Mac OS X Server v10.6.2
Impact:  Multiple vulnerabilities in Adobe Flash Player plug-in
Description:  Multiple issues exist in the Adobe Flash Player plug-in,
the most serious of which may lead to arbitrary code execution when
viewing a maliciously crafted web site. The issues are addressed by
updating the Flash Player plug-in to version 10.0.42. Further
information is available via the Adobe web site at
http://www.adobe.com/support/security/bulletins/apsb09-19.html
Credit to an anonymous researcher and Damian Put working with
TippingPoint's Zero Day Initiative, Bing Liu of Fortinet's FortiGuard
Global Security Research Team, Will Dormann of CERT, Manuel Caballero
and Microsoft Vulnerability Research (MSVR).

ImageIO
CVE-ID:  CVE-2009-2285
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer underflow exists in ImageIO's handling of TIFF
images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.2.
Image RAW
CVE-ID:  CVE-2010-0037
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2, Mac OS X Server v10.6.2
Impact:  Viewing a maliciously crafted DNG image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in Image RAW's handling of DNG
images. Viewing a maliciously crafted DNG image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Jason
Carr of Carnegie Mellon University Computing Services for reporting
this issue.

OpenSSL
CVE-ID:  CVE-2009-3555
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2, Mac OS X Server v10.6.2
Impact:  An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description:  A man-in-the-middle vulnerability exists in the SSL and
TLS protocols. Further information is available at
http://www.phonefactor.com/sslgap
A change to the renegotiation protocol is underway within the IETF.
This update disables renegotiation in OpenSSL as a preventive security
measure. The issue does not affect services using Secure Transport as
it does not support renegotiation. Credit to Steve Dispensa and Marsh
Ray of PhoneFactor, Inc. for reporting this issue.
Security Update 2010-001 may be obtained from the Software Update pane
in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5.8
The download file is named:  SecUpd2010-001.dmg
Its SHA-1 digest is:  f3f5061ca161355c8a5f1d1a52d5e8a9e604a30d

For Mac OS X Server v10.5.8
The download file is named:  SecUpdSrvr2010-001.dmg
Its SHA-1 digest is:  32c5ecdb0aeabe0f4eaa061a271242b6d96d8ba1

For Mac OS X v10.6.2 and Mac OS X Server v10.6.2
The download file is named:  SecUpd2010-001Snow.dmg
Its SHA-1 digest is:  8c1f0a08edf557d9242974e925ff58deb5e5dbf2

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It
may not be updated when updates to the original are made. If
downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the
information is still current.

Contact information for the authors of the original document is
included in the Security Bulletin above. If you have any questions or
need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:
        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or
attacked in any way, we encourage you to let us know by completing the
secure National IT Incident Reporting Form at:
        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
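Added example, not part of the Apple or AusCERT bulletin: a Python 3 script that checks a downloaded Security Update 2010-001 package against the SHA-1 digests published in the advisory's download section before it is installed. The digest table is copied from the advisory; the helper names and the command-line usage are assumptions.

```python
"""Verify a downloaded Security Update 2010-001 package against the
SHA-1 digests published in APPLE-SA-2010-01-19-1 (added example)."""
import hashlib
import hmac
import os
import sys

# Expected digests, copied from the advisory's download section.
EXPECTED_SHA1 = {
    "SecUpd2010-001.dmg":     "f3f5061ca161355c8a5f1d1a52d5e8a9e604a30d",  # Mac OS X v10.5.8
    "SecUpdSrvr2010-001.dmg": "32c5ecdb0aeabe0f4eaa061a271242b6d96d8ba1",  # Mac OS X Server v10.5.8
    "SecUpd2010-001Snow.dmg": "8c1f0a08edf557d9242974e925ff58deb5e5dbf2",  # v10.6.2 and Server v10.6.2
}

def sha1_of_stream(stream, chunk_size=1 << 20):
    """Hash an open binary stream in chunks so a large .dmg never sits fully in memory."""
    h = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def sha1_of_bytes(data):
    """SHA-1 hex digest of an in-memory byte string (used by the tests)."""
    return hashlib.sha1(data).hexdigest()

def digest_matches(actual_hex, expected_hex):
    """Constant-time, case-insensitive comparison of two hex digests."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())

def expected_digest_for(filename):
    """Published digest for one of the three package names, or None if unknown."""
    return EXPECTED_SHA1.get(filename)

def verify_bytes(filename, data):
    """True only if `data` hashes to the advisory's digest for `filename`."""
    expected = expected_digest_for(filename)
    if expected is None:
        return False  # not one of the published packages: refuse rather than guess
    return digest_matches(sha1_of_bytes(data), expected)

def verify_package(path):
    """True only if the file on disk hashes to the advisory's digest for its name."""
    expected = expected_digest_for(os.path.basename(path))
    if expected is None:
        return False
    with open(path, "rb") as f:
        return digest_matches(sha1_of_stream(f), expected)

if __name__ == "__main__":
    # Hypothetical usage: python verify_update.py /path/to/SecUpd2010-001Snow.dmg
    ok = verify_package(sys.argv[1])
    print("digest OK, safe to install" if ok else "DIGEST MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```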