Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Apple Mac OS X security patch bundle 2006-002 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Mac OS X security patch bundle 2006-002
Apple released some more security patches today for Mac OS X in a bundle called 2006-002.
Fix for an XSS scripting vulnerability in archives by flagging the documents as unsafe.
Fix for a vulnerability allowing arbitrary code execution by clicking on crafted email messages
Additional checks on top of those in the previous update.
  • Various non security rated regression fixes in a.o.  apache_mod_php (still based on PHP 4.4.1, not on the latest 4.4.2) and rsync.
It's interesting to note that rsync reports it's version after patching as:
$ rsync --version
rsync  version 2.5.5  protocol version 26
Copyright (C) 1996-2002 by Andrew Tridgell and others
«http://rsync.samba.org/»
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles, 
              no IPv6, 32-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.
While a quick visit to http://rsync.samba.org/ shows there have been quite a few versions and fixed vulnerabilities in the mean time.

--
Swa Frantzen - Section 66
 Swa

760 Posts
Mar 13th 2006
Thread locked Subscribe Mar 13th 2006
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!