lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E850235B-9AFE-4013-B065-B210AA563679@lists.apple.com>
Date: Wed, 17 Sep 2014 19:47:15 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2014-09-17-6 OS X Server 2.2.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for:  OS X Mountain Lion v10.8.5
Impact:  A remote attacker may be able to execute arbitrary SQL
queries
Description:  A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad@...uration.com) of CERT of
Ferdowsi University of Mashhad

OS X Server 2.2.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUGkbuAAoJEBcWfLTuOo7tYVMQAKaz8CbU1iJrm+5fvLPnXrBF
eWp0tYCDPcoj1tUJ79+XJplJHsZ2Ezb0bQ8gvNSRLgT32Dw4gtRPmZ9c+/UHMUV6
rbSeF73x4IC6yF56ghbKjTkFJguniaS/k6KWCYhqU2Ew/qya2nJdj/RGS5AICQb3
HVg50yW+jRb5geLOL/+Sd7R+zjg3OZb+Z7h+/ynCI53tGgVB9LzslrI+thNAA2Fz
mAsHtF1Fx6l9F+lbCygJj6sNoBxDJPadBlPPjR7E1C06cCoxlARdz2K74qFONt6+
/zSbWofuszvN23HmY9+JYmIQ7x0wi9Ff7W18Ai5nN2/GCLzOM/lJKHKY2tTG781h
R9g1bX1Q0mB9e+RYqmgwSvdtijFXjtOqNza8X9fBHP5bzArucMaFrhUqCEeSqSfs
6hijGHJzK/buNdIzP2wBceA/EXRAfqUZi8r4FTGLQMqZvath3nhrEP+T2LezBCwS
7foYeCo1AXp6oQDgKA0QUflFZg6eZlLFPngvFQn/7ko+I/K1+RzZwbiwS+61pNva
AaoSTeuzeYKuWIFQU80I+mZ1bwqr60Ns9Q3AtIJlKlu/3+l+G3eOW397SqtqbPdh
jRAsmOpcA6w5afjT1yIlcGis/k3H7VAvuVNu6ZZ6JGdXD+q1O4K9GQA2vqxgBLO8
w5/NX6or7DEXSvpwiLND
=s9TT
-----END PGP SIGNATURE-----


Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ