lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <161A644F-2C6F-4F58-9206-C1BF096897FD@lists.apple.com>
Date: Mon, 20 Aug 2012 14:01:11 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1

Apple Remote Desktop 3.6.1 is now available and addresses the
following:

Apple Remote Desktop
Available for:  Apple Remote Desktop 3.0 or later
Impact:  Connecting to a third-party VNC server with "Encrypt all
network data" set may lead to information disclosure
Description:  When connecting to a third-party VNC server with
"Encrypt all network data" set, data is not encrypted and no warning
is produced. This issue is addressed by creating an SSH tunnel for
the VNC connection in this configuration, and preventing the
connection if the SSH tunnel cannot be created. This issue does not
affect Apple Remote Desktop 3.5.1 and earlier.
CVE-ID
CVE-2012-0681 : Mark S. C. Smith studying at Central Connecticut
State University

Apple Remote Desktop 3.6.1 may be obtained from Mac App Store,
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/

The download file is named:  "RemoteDesktopAdmin361.dmg"
Its SHA-1 digest is: dd41bab369c7905e79ff3b3adea97904f55d9759

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQMqP5AAoJEPefwLHPlZEwUy8P/3qgEUoJz4NnnJgeyo+3z7Wl
a2/b5yPx5ptTcZiGandRMlrDftbwbOkpwCwJrqIv4czXL5T1J08cxUAW0rN2PzWG
KXCkjYQMRBVQoQftrL8wqNCJW3pPMTz0CGfoPXt2g7cR+9YVFyIwa2PLCVfKOgds
Y8kqlNJXgYwvJC22I3IDRvohsTJi4PYfZnRad3rd97J2nMTNTtYBC7x3MSWXd+z1
dVEV9eBDzK1eovf6n1YrVPLapWOA3+4ssYVGZ+/J9JjfW0RnhXSFZ9Yxnq/j8Zoy
CbQKZ903ncWF/DbliIkGYByO+4Hol2g0ZnFqTeO7d4Dsnf9+AVHqEB1dJJmR6qK/
4TgNVP4IUDpJjemVPFwYI5tFuzsXsjv6MvrLQR1wnFme1691Lc6DOekda8ZWfiRU
taJlCBay9BuuoAtP7jG0T5ZU8nZLUGTCFY2ubs2IM9OBJr1MD7SYuODMwJeivVsv
Ut6jBCGUoo2bBlJpOoCYUnCSpk7OW368WYUHD0LsnqmUkaTtGgQiJuSOs1N9/3wy
4aEvaLak0xsquzDn7SE70lrNPBRBc4/Rliv9jXRSA+xwsK5Rqtji/LHRtWibaOHd
wI5Zyq8/7JtaUWrCrwhAbyUFd3lr7hZFFDERLgpQJkIn6cmS+O6FWi7835vkURIO
n8Cd6teIejPCfMpyd9pf
=PSaI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ