Apple releases Security Updates for Panther and Jaguar

Yesterday Apple released Security Updates for both Panther and Panther Server (OS X 10.3) and Jaguar and Jaguar Server (OS X 10.2). Both are available via Software Update or the Web. (Note that the Jaguar update requires OS X 10.2.8, so if you still haven't updated to OS X 10.2.8, you'll need to do so to take advantage of this Security Update.)

Security Update 2003-11-19 for Panther provides the following updated components:

  • OpenSSL: Fixes CAN-2003-0851. Parsing of particular malformed ASN.1 sequences is now handled in a more secure manner.
  • zlib "gzprintf()" function: Addresses CAN-2003-0107. While there were no functions in Mac OS X that used the vulnerable gzprintf() function, the underlying issue in zlib has been fixed to protect any third-party applications that may potentially use this library.

UPDATE: The Panther update appears to bump the Safari version number to 1.1.1.

Security Update 2003-11-19 for Jaguar 10.2.8 provides the following updated components:

  • gm4: Fixes CAN-2001-1411. A format string vulnerability in the gm4 utility. No setuid root programs relied on gm4 and this fix is a preventive measure against a possible future exploit.
  • groff: Fixes VU#399883 where the groff component pic contained a format-string vulnerability.
  • Mail w/CRAM-MD5 authentication: Fixes CAN-2003-0881. The Mac OS X Mail application will no longer fall back to plain text login when an account is configured to use MD5 Challenge Response.
  • OpenSSL: Fixes CAN-2003-0851. Parsing of particular malformed ASN.1 sequences is now handled in a more secure manner.
  • Personal File Sharing: Fixes CAN-2003-0878. When Personal File Sharing is enabled, the slpd daemon can no longer create a root-owned file in the /tmp directory to gain elevated privileges.
  • QuickTime for Java: Fixes CAN-2003-0871. A potential vulnerability that could allow unauthorized access to a system.
  • zlib "gzprintf()" function: Addresses CAN-2003-0107. While there were no functions in Mac OS X that used the vulnerable gzprintf() function, the underlying issue in zlib has been fixed to protect any third-party applications that may potentially use this library.

It appears as though these two updates fix a number of the issues that generated various security advisories in late October and early November.
