Alongside Mac OS X 10.6.2, Apple is releasing Security Update 2009-006 for Mac OS X 10.5.8, aimed at both the client and server versions.
Security Update 2009-006 improves the security of Mac OS X by fixing various bugs affecting the following components: AFP Client, Adaptive Firewall, Apache, Apache Portable Runtime, ATS, Certificate Assistant, CoreGraphics, CoreMedia, CUPS, Dictionary, DirectoryService, Disk Images, Dovecot, Event Monitor, fetchmail, FTP Server, Help Viewer, ImageIO, IOKit, IPSec, Kernel, libsecurity, libxml, Login Window, OpenLDAP, OpenSSH, PHP, QuickDraw Manager, QuickLook, QuickTime, FreeRADIUS, Screen Sharing, Spotlight, Subversion.
Security Update 2009-006 is available through Software Update or from Apple's support pages: client version (143 MB) and server version (231 MB). This latest security update also includes all previous security updates released to date.
TheProject
10 Nov 2009 - 12:15 - #1
AFP Client
CVE-ID: CVE-2009-2819
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Accessing a malicious AFP server may lead to an unexpected system termination or arbitrary code execution with system privileges
Adaptive Firewall
CVE-ID: CVE-2009-2818
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 and v10.6.1
Impact: A brute force or dictionary attack to guess an SSH login password may not be detected by Adaptive Firewall
Apache
CVE-ID: CVE-2009-0023, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Multiple vulnerabilities in Apache 2.2.11
Apache
CVE-ID: CVE-2009-2823
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A remote attacker can conduct cross-site scripting attacks against Apache web server
Apache Portable Runtime
CVE-ID: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Applications using Apache Portable Runtime (apr) may be exploited for code execution
ATS
CVE-ID: CVE-2009-2824
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Certificate Assistant
CVE-ID: CVE-2009-2825
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A user may be misled into accepting a certificate for a different domain
CoreGraphics
CVE-ID: CVE-2009-2826
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
CoreMedia
CVE-ID: CVE-2009-2202
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
CoreMedia
CVE-ID: CVE-2009-2799
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
CUPS
CVE-ID: CVE-2009-2820
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Accessing a maliciously crafted website or URL may lead to a cross-site scripting or HTTP response splitting attack
Dictionary
CVE-ID: CVE-2009-2831
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A user on the local network may be able to cause arbitrary code execution
DirectoryService
CVE-ID: CVE-2009-2828
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Disk Images
CVE-ID: CVE-2009-2827
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Dovecot
CVE-ID: CVE-2009-3235
Available for: Mac OS X Server v10.6 and v10.6.1
Impact: A local user may cause an unexpected application termination or arbitrary code execution with system privileges
Event Monitor
CVE-ID: CVE-2009-2829
Available for: Mac OS X Server v10.5.8
Impact: A remote attacker may cause log injection
fetchmail
CVE-ID: CVE-2009-2666
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: fetchmail is updated to 6.3.11
Description: fetchmail has been updated to 6.3.11 to address a man-in-the-middle issue. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
file
CVE-ID: CVE-2009-2830
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Running the file command on a maliciously crafted Common Document Format (CDF) file may lead to an unexpected application termination or arbitrary code execution
FTP Server
CVE-ID: CVE-2009-2832
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 and v10.6.1
Impact: An attacker with access to FTP and the ability to create directories on a system may be able to cause unexpected application termination or arbitrary code execution
Help Viewer
CVE-ID: CVE-2009-2808
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Using Help Viewer on an untrusted network may result in arbitrary code execution
ImageIO
CVE-ID: CVE-2009-2285
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
International Components for Unicode
CVE-ID: CVE-2009-2833
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Applications that use the UCCompareTextDefault API may be vulnerable to an unexpected application termination or arbitrary code execution
IOKit
CVE-ID: CVE-2009-2834
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A non-privileged user may be able to modify the keyboard firmware
IPSec
CVE-ID: CVE-2009-1574, CVE-2009-1632
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
Kernel
CVE-ID: CVE-2009-2835
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A local user may cause information disclosure, an unexpected system shutdown, or arbitrary code execution
Launch Services
CVE-ID: CVE-2009-2810
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Attempting to open unsafe downloaded content may not lead to a warning
libxml
CVE-ID: CVE-2009-2414, CVE-2009-2416
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination
Login Window
CVE-ID: CVE-2009-2836
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A user may log in to any account without supplying a password
OpenLDAP
CVE-ID: CVE-2009-2408
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: A man-in-the-middle attacker may be able to impersonate a trusted OpenLDAP server or user even when SSL is being used
OpenLDAP
CVE-ID: CVE-2007-5707, CVE-2007-6698, CVE-2008-0658
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in OpenLDAP
OpenSSH
CVE-ID: CVE-2008-5161
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Data in an OpenSSH session may be disclosed
PHP
CVE-ID: CVE-2009-3291, CVE-2009-3292, CVE-2009-3293
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in PHP 5.2.10
QuickDraw Manager
CVE-ID: CVE-2009-2837
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
QuickLook
CVE-ID: CVE-2009-2838
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
QuickTime
CVE-ID: CVE-2009-2202
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
QuickTime
CVE-ID: CVE-2009-2799
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
QuickTime
CVE-ID: CVE-2009-2203
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution
QuickTime
CVE-ID: CVE-2009-2798
Available for: Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
FreeRADIUS
CVE-ID: CVE-2009-3111
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A remote attacker may terminate the operation of the RADIUS service
Screen Sharing
CVE-ID: CVE-2009-2839
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Accessing a malicious VNC server may lead to an unexpected application termination or arbitrary code execution
Spotlight
CVE-ID: CVE-2009-2840
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A local user may manipulate files with the privileges of another user
Subversion
CVE-ID: CVE-2009-2411
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 and v10.6.1, Mac OS X Server v10.6 and v10.6.1
Impact: Accessing a Subversion repository may lead to an unexpected application termination or arbitrary code execution
TheProject
10 Nov 2009 - 12:15 - #2
A massacre of security holes
the Leopard saga continues
TheProject
10 Nov 2009 - 12:15 - #3
http://support.apple.com/kb/HT3937
trollone
10 Nov 2009 - 12:52 - #4
an anthology of buffer overflows.
melandre
10 Nov 2009 - 15:41 - #5
After the update and reboot my MacBook froze.... no shutdown, no restart, I had to force it off.... strange, never happened before.
louix
10 Nov 2009 - 16:08 - #6
Melandre, which OS version and which white MacBook model do you have?
Everything went fine with mine.
melandre
10 Nov 2009 - 19:06 - #7
@ louix
it's a 2.16 GHz Intel Core 2 Duo
Anyway, everything's OK after all
Bye
tbwp
10 Nov 2009 - 21:23 - #8
The_Project
if you did the same thing with Windows patches, 10 pages of a blog wouldn't be enough. You're zealous about Apple but you take good care not to talk about your Windows. You're a classic POLITICIAN who attacks and attacks for no reason and just to look good. You seem like Gasparri to me. In fact, from now on your nickname will be "Gasparri". Everybody call him that :) bye gasparri.
marcossss
11 Nov 2009 - 00:56 - #9
gasparri my foot, we all know Windows is worse, but project only pointed out that Mac has them too. that's all.
and besides I don't think the project goes with trans :)
TheProject
12 Nov 2009 - 13:00 - #10
@twbp
get informed. When has Microsoft ever, in a monthly update, patched such a massive and catastrophic number of holes in a single Windows version??
NEVER.. at most 15 or 16
but do you count how many have been patched on OS X 10.6.2??
don't you always say OS X is a safe?? LOOK AT THE SECURITY FIX PATCHES FROM THE PREVIOUS OS X UPDATES TOO
THEY'RE ALL WAR BULLETINS
OH PLEASE
KEEP YOUR FEET ON THE GROUND and if you don't know things at least get informed before shooting at random