-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0763
                      Apple Security Update 2010-005
                               25 August 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mac OS X v10.5.8
                   Mac OS X Server v10.5.8
                   Mac OS X v10.6.4
                   Mac OS X Server v10.6.4
Publisher:         Apple
Operating System:  Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-2531 CVE-2010-2484 CVE-2010-2225 CVE-2010-2063
                   CVE-2010-1808 CVE-2010-1802 CVE-2010-1801 CVE-2010-1800
                   CVE-2010-1311 CVE-2010-1205 CVE-2010-1129 CVE-2010-0397
                   CVE-2010-0098
Reference:         ASB-2010.0189
                   ASB-2010.0157.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-08-24-1 Security Update 2010-005

Security Update 2010-005 is now available and addresses the following:

ATS
CVE-ID:  CVE-2010-1808
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description:  A stack buffer overflow exists in Apple Type Services'
handling of embedded fonts. Viewing or downloading a document containing
a maliciously crafted embedded font may lead to arbitrary code
execution. This issue is addressed through improved bounds checking.

CFNetwork
CVE-ID:  CVE-2010-1800
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  CFNetwork permits anonymous TLS/SSL connections.
This may allow a man-in-the-middle attacker to redirect connections and
intercept user credentials or other sensitive information. This issue
does not affect the Mail application. This issue is addressed by
disabling anonymous TLS/SSL connections. This issue does not affect
systems prior to Mac OS X v10.6.3. Credit to Tomas Bjurman of Sirius
IT, Jean-Luc Giraud of Citrix, and Aaron Sigel of vtty.com for
reporting this issue.

ClamAV
CVE-ID:  CVE-2010-0098, CVE-2010-1311
Available for:  Mac OS X Server v10.5.8, Mac OS X Server v10.6.4
Impact:  Multiple vulnerabilities in ClamAV
Description:  Multiple vulnerabilities exist in ClamAV, the most serious
of which may lead to arbitrary code execution. This update addresses
the issues by updating ClamAV to version 0.96.1. ClamAV is distributed
only with Mac OS X Server systems. Further information is available via
the ClamAV website at http://www.clamav.net/

CoreGraphics
CVE-ID:  CVE-2010-1801
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in CoreGraphics' handling
of PDF files. Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Rodrigo
Rubira Branco from the Check Point Vulnerability Discovery Team (VDT)
for reporting this issue.

libsecurity
CVE-ID:  CVE-2010-1802
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  An attacker in a privileged network position who can obtain a
domain name that differs only in the last characters from the name of a
legitimate domain may impersonate hosts in that domain
Description:  An issue exists in the handling of certificate host names.
For host names containing three or more components, the last characters
are not properly compared. In the case of a name containing exactly
three components, only the last character is not checked. For example,
if an attacker in a privileged network position could obtain a
certificate for www.example.con the attacker can impersonate
www.example.com. This issue is addressed through improved handling of
certificate host names. Credit to Peter Speck for reporting this issue.

PHP
CVE-ID:  CVE-2010-1205
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Loading a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in PHP's libpng library. Loading
a maliciously crafted PNG image may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed by
updating libpng within PHP to version 1.4.3. This issue does not affect
systems prior to Mac OS X v10.6.

PHP
CVE-ID:  CVE-2010-1129, CVE-2010-0397, CVE-2010-2225, CVE-2010-2531,
CVE-2010-2484
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Multiple vulnerabilities in PHP 5.3.1
Description:  PHP is updated to version 5.3.2 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/

Samba
CVE-ID:  CVE-2010-2063
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  An unauthenticated remote attacker may cause a denial of
service or arbitrary code execution
Description:  A buffer overflow exists in Samba. An unauthenticated
remote attacker may cause a denial of service or arbitrary code
execution by sending a maliciously crafted packet. This issue is
addressed by performing additional validation of packets in Samba.
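The CFNetwork entry above is fixed by refusing anonymous TLS/SSL connections: a suite that authenticates nobody lets a man-in-the-middle complete the handshake without any certificate. The following is an added example, not Apple's or CFNetwork's code, showing the weak client setting beside the hardened one using Python's `ssl` module on top of OpenSSL, plus a check that audits a context for anonymous suites (OpenSSL labels them "Au=None" in its cipher description).

```python
"""Rejecting anonymous TLS cipher suites in a client context.

Added illustration of the fix described for CVE-2010-1800 (anonymous
TLS/SSL connections disabled); example code, not Apple's or CFNetwork's.
"""
import ssl


def anonymous_suites(ctx):
    """Names of enabled suites that authenticate no one.

    OpenSSL reports these with 'Au=None' in the cipher description
    (the ADH-* and AECDH-* families); a peer offering only such suites
    can be anyone, including a man-in-the-middle.
    """
    return [c["name"] for c in ctx.get_ciphers()
            if "Au=None" in c["description"]]


def permissive_context():
    """Weak setting: no certificate verification and every suite the
    linked OpenSSL knows, anonymous ones included if it still ships them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("ALL")
    return ctx


def hardened_context():
    """Corrected setting: peer certificate required, host name checked,
    and anonymous (aNULL) plus unencrypted (eNULL) suites excluded
    explicitly rather than relying on the library default."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.set_ciphers("DEFAULT:!aNULL:!eNULL")
    return ctx


def context_is_safe(ctx):
    """Audit helper: True only if the peer must present a certificate, the
    host name is checked, and no anonymous suite can be negotiated."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and not anonymous_suites(ctx))


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_context()),
                       ("hardened", hardened_context())):
        print(f"{label}: safe={context_is_safe(ctx)} "
              f"anonymous={anonymous_suites(ctx)}")
```

Whether the permissive context actually lists any anonymous suite depends on how the local OpenSSL was built; the point of `context_is_safe` is that it fails the permissive context either way, because a client that does not require a certificate is already open to interception regardless of cipher list.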
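The libsecurity entry describes a comparison that stops short of the final characters of a host name with three or more components, so www.example.con is accepted for www.example.com. The following is an added example, not Apple's code: `flawed_model` is a constructed approximation of the described behaviour (for names of three or more labels the last character is left out of the comparison), and `hostname_matches` is the whole-label, whole-string comparison that closes the gap, including the usual wildcard rules so that it can be run against real certificate names.

```python
"""Strict certificate host-name matching.

Added illustration of the libsecurity issue described above
(CVE-2010-1802); this is not Apple's code.  `flawed_model` is a
constructed model of the described defect, `hostname_matches` the
corrected comparison, and `lookalikes` a check for names that only the
flawed comparison would accept.
"""
import re

# One DNS label: letters, digits and interior hyphens (case already folded).
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _labels(name):
    """Fold case, drop a single trailing dot (FQDN form), split into labels."""
    name = name.strip().lower().rstrip(".")
    return name.split(".") if name else []


def hostname_matches(cert_name, host):
    """Return True only if `host` matches the certificate name label-for-label.

    Rules (in the spirit of RFC 6125 reference-identifier matching):
      * both names must have the same number of labels;
      * every label is compared in full, so a trailing-character difference
        such as example.con vs example.com is a mismatch;
      * '*' is accepted only as the entire left-most label, and only when at
        least two more labels follow it (so '*.com' never matches anything).
    """
    cl, hl = _labels(cert_name), _labels(host)
    if not hl or len(cl) != len(hl):
        return False
    if not all(_LABEL.match(label) for label in hl):
        return False                    # host itself is not a valid DNS name
    if cl[0] == "*":
        if len(cl) < 3:
            return False
        return all(_LABEL.match(label) for label in cl[1:]) and cl[1:] == hl[1:]
    return all(_LABEL.match(label) for label in cl) and cl == hl


def flawed_model(cert_name, host):
    """Constructed model of the defect the advisory describes, NOT the real
    code: for names with three or more components the last character is left
    out of the comparison, so www.example.con is accepted for www.example.com.
    """
    a = cert_name.strip().lower().rstrip(".")
    b = host.strip().lower().rstrip(".")
    if len(_labels(a)) >= 3 and len(_labels(b)) >= 3:
        return a[:-1] == b[:-1]
    return a == b


def lookalikes(host, cert_names):
    """Names from `cert_names` that the flawed comparison accepts for `host`
    but the strict comparison rejects: the set a defender would want to
    find in certificate transparency or issuance logs for their domain."""
    return [n for n in cert_names
            if flawed_model(n, host) and not hostname_matches(n, host)]


if __name__ == "__main__":
    target = "www.example.com"
    for cert in ("www.example.com", "www.example.con", "*.example.com"):
        print(f"{cert:18s} strict={hostname_matches(cert, target)!s:5} "
              f"flawed={flawed_model(cert, target)}")
    print("lookalikes:", lookalikes(target, ["www.example.con",
                                             "www.example.cop",
                                             "www.example.com"]))
```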
Security Update 2010-005 may be obtained from the Software Update pane
in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6.4
The download file is named:  SecUpd2010-005Snow.dmg
Its SHA-1 digest is:  0f849caddd3b61383dabf423848f9f8059f4656e

For Mac OS X Server v10.6.4
The download file is named:  SecUpdSrvr2010-005.dmg
Its SHA-1 digest is:  0a089a7c367ae2f38149ad1f535cc5ff078d3f15

For Mac OS X v10.5.8
The download file is named:  SecUpd2010-005.dmg
Its SHA-1 digest is:  22912e8c3756c03ea7565c7689b05952bae0bb50

For Mac OS X Server v10.5.8
The download file is named:  SecUpdSrvr2010-005.dmg
Its SHA-1 digest is:  f2accfece4593b7a2658f65b2076c3b83227ff8c

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJMc/7GAAoJEGnF2JsdZQeeypMIAJhchg9dd+oAtJz8hpchV+y5
UxfXFMkbGA7UnSFwEY/18UqMnrU98eFhbsRI2wVTte4W0oXbSCvCTqaGIkbTXJv8
6VO3SHWR6qWaU2JGqgtycKAd/uktgJoMz/HGJJdfYwEzvXISQSDqMCGbh4EI9RSC
raIOS7PHFRhia/MkdnHZ+AAQik9Ols+pS9l3UwN19p34/U/vSWe04uZKqAAF4g4w
NWkq7y583lfWinyWKqtq+mmytAVrfKD//+gqK4C5CjFPRy2q4AsAhyHqC1WoWSEy
L4ShL/3I1d0oam8AGnRsCB3rIJOFN+ba/BnDuw+Aeq3HzYNAHGhit8LihKjZV/A=
=FU0L
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.
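The included text publishes a SHA-1 digest for each download image, which is what an administrator compares against the file actually fetched before installing it. The following is an added example, not Apple's or AusCERT's tooling: it carries the four published digests, streams a file through SHA-1, compares in constant time, and keys the lookup by product because both Server images share the file name SecUpdSrvr2010-005.dmg and differ only in digest. The small file written by `write_constructed_sample` is constructed for the demonstration.

```python
"""Verifying a downloaded update image against the published SHA-1 digest.

Added example, not Apple's or AusCERT's tooling.  PUBLISHED_SHA1 is copied
from the advisory text above; the sample file is constructed.
"""
import hashlib
import hmac
import os
import tempfile

# (download file name, SHA-1 hex digest) per product, as published above.
# Both Server images share a file name, so the product, not the file name
# alone, has to select the expected digest.
PUBLISHED_SHA1 = {
    "Mac OS X v10.6.4":        ("SecUpd2010-005Snow.dmg", "0f849caddd3b61383dabf423848f9f8059f4656e"),
    "Mac OS X Server v10.6.4": ("SecUpdSrvr2010-005.dmg", "0a089a7c367ae2f38149ad1f535cc5ff078d3f15"),
    "Mac OS X v10.5.8":        ("SecUpd2010-005.dmg",     "22912e8c3756c03ea7565c7689b05952bae0bb50"),
    "Mac OS X Server v10.5.8": ("SecUpdSrvr2010-005.dmg", "f2accfece4593b7a2658f65b2076c3b83227ff8c"),
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 in 1 MiB chunks so a large disk image
    never has to be held in memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, expected_hex):
    """True if the file's SHA-1 equals the published digest.  The hex strings
    are normalised to lower case and compared with a constant-time function."""
    return hmac.compare_digest(sha1_of_file(path), expected_hex.strip().lower())


def verify_for_product(path, product):
    """Check that the file carries the name published for `product` AND that
    its digest matches; an unknown product is rejected rather than guessed."""
    if product not in PUBLISHED_SHA1:
        return False
    name, digest = PUBLISHED_SHA1[product]
    return os.path.basename(path) == name and verify_download(path, digest)


def write_constructed_sample(content=b"abc"):
    """Write a small constructed file and return its path (demonstration
    input only; SHA-1 of b'abc' is a9993e364706816aba3e25717850c26c9cd0d89d)."""
    fd, path = tempfile.mkstemp(suffix=".dmg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


if __name__ == "__main__":
    sample = write_constructed_sample()
    print("sha1:", sha1_of_file(sample))
    print("matches the 10.6.4 image?", verify_for_product(sample, "Mac OS X v10.6.4"))
    os.remove(sample)
```

The digest only ties the downloaded bytes to the bulletin; the trust in the bulletin itself comes from checking its PGP signatures against Apple's and AusCERT's published keys. SHA-1 is no longer collision resistant, so a digest of this kind is a check against corruption or substitution of a published file, not a substitute for a signature.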
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
        Australian Computer Emergency Response Team
        The University of Queensland
        Brisbane
        Qld 4072

        Internet Email: auscert@auscert.org.au
        Facsimile:      (07) 3365 7031
        Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                        AusCERT personnel answer during Queensland business
                        hours which are GMT+10:00 (AEST).
                        On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMdH04/iFOrG6YcBERAliCAKCqDpnpMWupwvaMTc8Q5dG/bWy5SwCgj0OK
OglR4xzSX2SYV1eWwFKlWKo=
=McVA
-----END PGP SIGNATURE-----