Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Apple patches and updates InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple patches and updates

Published: 2009-05-12
Last Updated: 2009-05-12 23:07:09 UTC
by Swa Frantzen (Version: 1)
1 comment(s)

Apple released patches today:

  • Apple OS X 10.5.7 update  / Security update 2009-002

    10.5.7 is an update of the operating system (much like a service pack in the windows world) and contains functionality as well as security updates.

    The security content of this update is:

    • Apache: CVE-2008-2939, CVE-2008-0456
    • ATS: CVE-2009-0154
    • BIND (update to 9.3.6-P1 or 9.4.2-P1): CVE-2009-0025
    • CFNetwork: CVE-2009-0144, CVE-2009-0157
    • CoreGraphics: CVE-2009-0155, CVE-2009-0146, CVE-2009-0147, CVE-2009-0165
    • Cscope: CVE-2009-0148
    • CUPS: CVE-2009-0164
    • Disk Images: CVE-2009-0150, CVE-2009-0149
    • Enscript (update to 1.6.4): CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863
    • Flash Player plug-in (update to or CVE-2009-0519, CVE-2009-0520, CVE-2009-0114
    • Help Viewer: CVE-2009-0942, CVE-2009-0943
    • iChat: CVE-2009-0152
    • International Components for Unicode: CVE-2009-0153
    • IPSec:CVE-2008-3651, CVE-2008-3652
    • Kerberos: CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0844
    • Kernel: CVE-2008-1517
    • Launch Services: CVE-2009-0156
    • libxml: CVE-2008-3529
    • Net-SNMP: CVE-2008-4309
    • Network Time: CVE-2009-0021, CVE-2009-0159
    • Networking: CVE-2008-3530
    • OpenSSL: CVE-2008-5077
    • PHP: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557 (upgrade to 5.2.8)
    • QuickDraw Manager: CVE-2009-0160, CVE-2009-0010
    • Ruby (a.o. update to 1.8.6-p287): CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2009-0161
    • Safari: CVE-2009-0162
    • Spotlight: CVE-2009-0944
    • system_cmds
    • telnet: CVE-2009-0158
    • WebKit: CVE-2009-0945
    • X11 (a.o. updates to FreeType 2.3.8, libpng 1.2.35): CVE-2006-0747, CVE-2007-2754, CVE-2008-2383, CVE-2008-1382, CVE-2009-0040, CVE-2009-0946

    as always, this update is all or nothing, o no mixing and matching of what you need more urgently than other.

  • Safari 4 beta
    • libxml:  CVE-2008-3529
    • Safari:  CVE-2009-0162
    • WebKit:  CVE-2009-0945
  • Safari 3.2.3
    • libxml:  CVE-2008-3529
    • Safari:  CVE-2009-0162
    • WebKit:  CVE-2009-0945

Swa Frantzen -- Section 66


1 comment(s)
Diary Archives