From da@securityfocus.com Tue May 4 16:43:16 2004 From: David Ahmad To: bugtraq@securityfocus.com Date: Mon, 3 May 2004 16:50:07 -0600 Subject: [product-security@apple.com: APPLE-SA-2004-05-03 Security Update 2004-05-03] ----- Forwarded message from Apple Product Security ----- From: Apple Product Security Subject: APPLE-SA-2004-05-03 Security Update 2004-05-03 To: Date: Mon, 03 May 2004 14:27:44 -0700 User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2004-05-03 Security Update 2004-05-03 Security Update 2004-05-03 is now available and contains security enhancements for the following: CoreFoundation: Fixes CAN-2004-0428 to improve the handling of an environment variable. Credit to aaron@vtty.com for reporting this issue. Apache 2: Fixes CAN-2003-0020, CAN-2004-0113 and CAN-2004-0174 by updating to Apache 2 to version 2.0.49. RAdmin: Fixes CAN-2004-0429 to improve the handling of large requests AppleFileServer: Fixes CAN-2004-0430 to improve the handling of long passwords. Credit to Dave G. from @stake for reporting this issue. IPSec: Fixes CAN-2004-0155 and CAN-2004-0403 to improve the security of VPN tunnels. IPSec in Mac OS X is not vulnerable to CAN-2004-0392. Notes: - Security Update 2004-05-03 is available for both Mac OS X 10.3.3 and Mac OS X 10.2.8 - Security Update 2004-04-05 has been incorporated into this update ================================================ Security Update 2004-05-03 may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: For Mac OS X 10.3.3 "Panther" ============================= http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z /SecUpd2004-05-03Pan.dmg The download file is named: "SecUpd2004-05-03Pan.dmg" Its SHA-1 digest is: 6f35539668d80ee536305a4146bd982a93706532 For Mac OS X Server 10.3.3 ========================== http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z /SecUpdSrvr2004-05-03Pan.dmg The download file is named: "SecUpdSrvr2004-05-03Pan.dmg" Its SHA-1 digest is: 3c7da910601fd36d4cdfb276af4783ae311ac5d7 For Mac OS X 10.2.8 "Jaguar" ============================= http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z /SecUpd2004-05-03Jag.dmg The download file is named: "SecUpd2004-05-03Jag.dmg" Its SHA-1 digest is: 11d5f365e0db58b369d85aa909ac6209e2f49945 For Mac OS X Server 10.2.8 ========================== http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z /SecUpdSrvr2004-05-03Jag.dmg The download file is named: "SecUpdSrvr2004-05-03Jag.dmg" Its SHA-1 digest is: 28859a4c88f6e1d1fe253388b233a5732b6e42fb Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQEVAwUBQJa38XeI0z6bzFr0AQKEjAf9HAvSxFVwKjmzZ1ZcqmVWhCfkNA9TIby7 Z9WOeAIhSFX1GVyetjQIeODLBYVj8bACK2fDj+deRv60VC6IQOxQNTSI5EwlkI/O Tnz9q77WwV0IaNugfZHWQglKiH6j5ZhMg9xZUQTEpJChPS6u0NN3J4nhj7diqlbK 4a6N+HLQ4jQvk4hpQoFYRGOVnHzso2SJpKUN5uJ2obTSUw528Gchugr1Uez4/m9G Pb5BZewX877Qc3t1icnlNxSXSru2TIrqef4+ZuJlek5N8lN0oda2KQ7pvkc0/raO oJnLTiJoGFxLV5jLw7PBd7bIRpUJXZa/xtyg1lj8XUf0r5SFGRVwww== =wmAo -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. ----- End forwarded message ----- -- David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12