Apple Mac OS X security patch bundle 2006-002

Published: 2006-03-13. Last Updated: 2006-03-14 17:17:02 UTC
by Swa Frantzen (Version: 1)

0 comment(s)

Apple released some more security patches today for Mac OS X in a bundle called 2006-002.

CoreTypes: CVE-2006-0400

Fix for an XSS scripting vulnerability in archives by flagging the documents as unsafe.

Mail: CVE-2006-0396

Fix for a vulnerability allowing arbitrary code execution by clicking on crafted email messages

Safari, LaunchServices, CoreTypes: CVE-2006-0397, CVE-2006-0398, CVE-2006-0399

Additional checks on top of those in the previous update.

Various non security rated regression fixes in a.o. apache_mod_php (still based on PHP 4.4.1, not on the latest 4.4.2) and rsync.

It's interesting to note that rsync reports it's version after patching as:

$ rsync --version
rsync� version 2.5.5� protocol version 26
Copyright (C) 1996-2002 by Andrew Tridgell and others
�http://rsync.samba.org/�
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles, 
              no IPv6, 32-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.

While a quick visit to http://rsync.samba.org/ shows there have been quite a few versions and fixed vulnerabilities in the mean time.

--
Swa Frantzen - Section 66

Keywords:

0 comment(s)

Internet Storm Center

Apple Mac OS X security patch bundle 2006-002

Comments