lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <FFC396A1-AD3E-465D-9B6B-5589DB974BD2@lists.apple.com>
Date: Fri, 09 Sep 2011 10:14:50 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2011-09-09-1 Security Update 2011-005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-09-09-1 Security Update 2011-005

Security Update 2011-005 is now available and addresses the
following:

Certificate Trust Policy
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.1, OS X Lion Server v10.7.1
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  Fraudulent certificates were issued by multiple
certificate authorities operated by DigiNotar. This issue is
addressed by removing DigiNotar from the list of trusted root
certificates, from the list of Extended Validation (EV) certificate
authorities, and by configuring default system trust settings so that
DigiNotar's certificates, including those issued by other
authorities, are not trusted.


For Mac OS X v10.6.8 and Mac OS X Server v10.6.8
The download file is named: SecUpd2011-005Snow.dmg
Its SHA-1 digest is: 065f5f9a9263a2cd164ea61d1d59c63b1362df0b

For OS X Lion v10.7.1 and OS X Lion Server v10.7.1
The download file is named: SecUpd2011-005Lion.dmg
Its SHA-1 digest is: a2971772c45f53dc251cdcd1dfa21a651c54f03f

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJOaiLBAAoJEGnF2JsdZQeeglEH/2aD3I9Tka87Fr1YISyZaGwx
iea8gIJ11uvJuZwXzlDLGKjSkh0qhkt0S/Q84YOjGWGvz+kuT3FhL9Rl6KJth0uW
eXShWd6iyQb4f5KHovMgwhRy+5fuk85b2Q7Y4ulwhflcfn4g5pOlRevgfN48C5fx
7W3p3dn8YgfON79rn4Kx4G/3ZaybIo34q1JmdOVfQD1F5UpZ7PDfUUtCu9CRa36U
AYbnNwVcgvCkqAG9vvIMrzd/pG9geljdclW4H8ujVbXKxFa53RB4N1/3fCIEtzmi
WxwucarVfvCvf6Vpvob6rZZx8xf+Nn4hJ8xl0F/SlcnBIzpBFHbspDODRCd/GVM=
=Qz73
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ