
SANS ISC: InfoSec Handlers Diary Blog



Apple Mac OS X security patch bundle 2006-002

Published: 2006-03-13
Last Updated: 2006-03-14 17:17:02 UTC
by Swa Frantzen (Version: 1)
Apple released some more security patches today for Mac OS X in a bundle called 2006-002.
  • Fix for an XSS vulnerability in archives by flagging the documents as unsafe.
  • Fix for a vulnerability allowing arbitrary code execution by clicking on crafted email messages.
  • Additional checks on top of those in the previous update.
  • Various non-security-rated regression fixes in, among others, apache_mod_php (still based on PHP 4.4.1, not on the latest 4.4.2) and rsync.
It's interesting to note that rsync reports its version after patching as:
$ rsync --version
rsync  version 2.5.5  protocol version 26
Copyright (C) 1996-2002 by Andrew Tridgell and others
«http://rsync.samba.org/»
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles,
no IPv6, 32-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
A quick visit to http://rsync.samba.org/, however, shows there have been quite a few versions and fixed vulnerabilities in the meantime.

--
Swa Frantzen - Section 66