From blb@pobox.com Tue Mar 4 20:51:41 2003 From: Bryan Blackburn To: Bugtraq Date: Mon, 3 Mar 2003 17:46:50 -0700 Subject: Fwd: APPLE-SA-2003-03-03 sendmail ----- Forwarded message from Product Security ----- Return-Path: Date: Mon, 03 Mar 2003 14:09:17 -0800 Subject: APPLE-SA-2003-03-03 sendmail From: Product Security To: Message-ID: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit List-Subscribe: , -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2003-03-03 sendmail Security Update 2003-03-03 is now available. It contains fixes for the following potential security issues: * Sendmail: Fixes CAN-2002-1337 where a remote attacker could gain elevated privileges on affected hosts. Sendmail is not enabled by default on Mac OS X, so only those systems which have explictly enabled sendmail are vulnerable. All customers of Mac OS X, however, are encouraged to apply this update. * OpenSSL: Fixes CAN-2003-0078, where it is theoretically possible for a third-party to extract the original plaintext of encrypted messages sent over the network. Security Update 2003-03-03 applies this fix for Mac OS X 10.2.4, and customers of earlier Mac OS X versions may obtain the patch from the OpenSSL web site: http://www.openssl.org/ Security Update 2003-03-03 may be obtained from: * Software Update pane in System Preferences (updating from Mac OS X 10.1.5 and 10.2.4) - OR - * Apple's Software Downloads web site: Updating from Mac OS X 10.2.4: http://www.info.apple.com/kbnum/n120195 The download file is named: "1024SecUpd2003-03-03.dmg" Its SHA-1 digest is: 2eb722f340d4e57aa79bb5422b94d556888cbf38 Security Update 2003-03-03 for Mac OS X 10.1.5 is planned to be available on March 4. Information is also posted to the Apple Support web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQEVAwUBPmOrFyFlYNdE6F9oAQKKGwf+M/zZAtIErkTeyAvWvJ/JpltKxCpMDsTv vl0MBWLg/qtF6ZJdFOkwybpvMMzGK67B6MACH+42NMLPVA61iRLX551B5AYaG9Vv oBzDff89eMPxl+xcx+JK9mgkXRPkpSWw0XZxvLXagjhfWXlGAZbEF399os+/TTQF xvWOV4X6/v0D1KPmbOPmgRiOzjprS4cmDrI/LcKVkWFDLJVmDJ2LqoomIQmvldZQ wC3X/xrIqN0UUI368xfi8MTIIGwQmyNLG4SfqMU1GmyldsNCrRbj0PyQcunfUtmL pYmN6Lui5HI1QshnEQGrB4pcIpzdUrDsQIkW8yVfVMVHibkN/sTXlw== =0V8+ -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. ----- End forwarded message -----