| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Dec 2020 17:18:11 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2020-12-14-9 macOS Server 5.11 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-9 macOS Server 5.11 macOS Server 5.11 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211932. Profile Manager Available for: macOS Big Sur Impact: Processing a maliciously crafted URL may lead to an open redirect or cross site scripting Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2020-9995: Rajpal Arora (@whacktohack), Rohan Sharma (r0hanSH) Additional recognition macOS Server We would like to acknowledge Patrick Schlangen for their assistance. Installation note: macOS Server 5.11 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBp0ACgkQZcsbuWJ6 jjDv2xAAjUAACv8tKX8uZA+7Kuq4FibiTyb/B3arSkN5SJA99T6AsThRauddvn96 RAZw2J8/BkgCLHEo+rB1DXHLoiq94IiECMCWUtSKk8fgMovEL/g+iO96+iwQBC/G ZNBvM88bvfvoEhXfgGxAG3oclNInz0QlvY6bMhyDz4/CUfS+YlQb9ujzYV2EWfin LBfKGOR4q8V7Hsnl6CC/4nx2TKaniKKp6hYnztftIcCDw5eJinIq8O476CyCUoaT 9UqTGUxw51Se0oc490xdufVi/7dSrmbJbiWA6KrJj58IcC6e6VU+ziByhkpX9udh qBuFVWxynrJVgsxagYA7x/kvaEG+oDc+Otf4h6ARJOQnM/+UeizqDKbRJZjSwd2y Efr+C92p3qM7OkQYAmBLUub1pgMLbNhlIZvb/4555Bp7s27fEuzlKniIK5406Zro zcQ+4G3pG6rG02WAHiAV6dPvDqp+YeCdt8g4zOw7iofDulYz5rDPinfm3bKd2oes wOnsK+JqNfmSAbSakrNKC3Ab/UHMkchji38QSScnMHdh0secKRHEcystdy4WKSVy 4ylKpkDnVnOhyYvkuMhZXSpuxKdO9bZqd1m5Usr6PR9Gf4WQTfgoyyzXP3g3u/zx WIsYeR7e7VzR3+EGpgPKmhrbiBfL9eVkceQo1jR0Zzkw1QFsIgI= =UWhb -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists