lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030304004650.GZ561@kosh.withay.com>
Date: Mon, 3 Mar 2003 17:46:50 -0700
From: Bryan Blackburn <blb@...ox.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Fwd: APPLE-SA-2003-03-03 sendmail


----- Forwarded message from Product Security <product-security@...le.com> -----

Return-Path: <security-announce-admin@...ts.apple.com>
Date: Mon, 03 Mar 2003 14:09:17 -0800
Subject: APPLE-SA-2003-03-03 sendmail
From: Product Security <product-security@...le.com>
To: <security-announce@...ts.apple.com>
Message-ID: <BA89128D.8A%product-security@...le.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
List-Subscribe: <http://www.lists.apple.com/mailman/listinfo/security-announce>,
	<mailto:security-announce-request@...ts.apple.com?subject=subscribe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-03 sendmail

Security Update 2003-03-03 is now available.  It contains fixes for the
following potential security issues:

* Sendmail:  Fixes CAN-2002-1337 where a remote attacker could gain
elevated privileges on affected hosts.  Sendmail is not enabled by
default on Mac OS X, so only those systems which have explictly enabled
sendmail are vulnerable.  All customers of Mac OS X, however, are
encouraged to apply this update.

* OpenSSL:  Fixes CAN-2003-0078, where it is theoretically possible for
a third-party to extract the original plaintext of encrypted messages
sent over the network.  Security Update 2003-03-03 applies this fix for
Mac OS X 10.2.4, and customers of earlier Mac OS X versions may obtain
the patch from the OpenSSL web site:
http://www.openssl.org/

Security Update 2003-03-03 may be obtained from:

   * Software Update pane in System Preferences
      (updating from Mac OS X 10.1.5 and 10.2.4)

   - OR -

   * Apple's Software Downloads web site:
   
     Updating from Mac OS X 10.2.4:
        http://www.info.apple.com/kbnum/n120195
     The download file is named: "1024SecUpd2003-03-03.dmg"
     Its SHA-1 digest is: 2eb722f340d4e57aa79bb5422b94d556888cbf38

Security Update 2003-03-03 for Mac OS X 10.1.5 is planned to be
available on March 4.

Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPmOrFyFlYNdE6F9oAQKKGwf+M/zZAtIErkTeyAvWvJ/JpltKxCpMDsTv
vl0MBWLg/qtF6ZJdFOkwybpvMMzGK67B6MACH+42NMLPVA61iRLX551B5AYaG9Vv
oBzDff89eMPxl+xcx+JK9mgkXRPkpSWw0XZxvLXagjhfWXlGAZbEF399os+/TTQF
xvWOV4X6/v0D1KPmbOPmgRiOzjprS4cmDrI/LcKVkWFDLJVmDJ2LqoomIQmvldZQ
wC3X/xrIqN0UUI368xfi8MTIIGwQmyNLG4SfqMU1GmyldsNCrRbj0PyQcunfUtmL
pYmN6Lui5HI1QshnEQGrB4pcIpzdUrDsQIkW8yVfVMVHibkN/sTXlw==
=0V8+
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@...ts.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


----- End forwarded message -----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ