[<prev] [next>] [day] [month] [year] [list]
Message-Id: <0200F9A9-6C73-4569-BF3C-AA9CC591878E@lists.apple.com>
Date: Mon, 27 Mar 2017 16:28:36 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-03-27-7 macOS Server 5.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-27-7 macOS Server 5.3
macOS Server 5.3 is now available and addresses the following:
Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751
Web Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to cause a denial of service
against the HTTP server via partial HTTP requests
Description: This issue was addressed by adding mod_reqtimeout.
CVE-2007-6750
Wiki Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to enumerate users
Description: An access issue was addressed through improved
permissions checking.
CVE-2017-2382: Maris Kocins of SEMTEXX LTD
Installation note:
macOS Server 5.3 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGF7wP/jfxkNq1X/N7FcXsboILFYkn
e5i+hnumf2VSjJnR9saAsQAdSxKxeiByq+j4GLVRiLTlcrLLKE03vYlBaDdQTy2U
Y9qQ1HRu6wYwx38y3IQFr5JUQM2BG8yuaodfyQzgSEHUUqNMf0jZFpikub+c3PSh
DNUok50Gq4+ifa389TNIs1BPnFZE1yzvXwbOJomweMbc1qXnyfs9yl+ZhgtI62uI
E7SwLL2dMBnzWJm31VdZ8WPUtsN23LIBl02Jn60mZzERRsJ8q/+v5q1nTdx2BUkp
9dMShg5XS1pmH+NpZfiFoBCeCDLXrUydBUNWlrvuTJKZDzycEwp2NKtOxbCfzF/e
2B7+exz7C1i3sDkBa9ao/ifxQZR+6aXryvHQASI2M5lY3GUvSd4+e5DfXJ38Abar
Od0OIKgVQ6IiXdseC0+NidPlsQiwkTh1jLHHIQzOi5sIo/wp+76XV88qkANBnC2n
8fPsCEXBMt+E3wju5fwLYQlCWz0dALYOtTkoPX7L5/LhBxdyk9YxGn/6OzTosjtC
/uEdg7UB/+AKzN6XWbRHBO6hyfEqhotllD0cOYewP6ArfFf/LYAROPxxqvnZPx5b
6SzWprQPbywXJ4WILWbK94tkelJXy0q9ijfINrGojMwOJ+JcM6FwGot6SmOZEpqZ
WRqXbE4VG2eU2fGJZ/Sw
=a6xp
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists