Security update 2004-12-02

Post by Michelle S » Sat, 04 Dec 2004 07:54:01


Security Update 2004-12-02 delivers a number of security enhancements
and is recommended for all Macintosh users. This update includes the
following components:

Apache
AppKit
HIToolbox
Kerberos
Postfix
PSNormalizer
Safari
Terminal


For detailed information on this Update, please visit this website:
http://www.info.apple.com/kbnum/n61798

Security Update 2004-12-02
• Apache
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1082
Impact: Apache mod_digest_apple authentication is vulnerable to replay
attacks.
Description: The Mac OS X Server specific mod_digest_apple is based on
Apache's mod_digest. Multiple corrections for a replay problem in
mod_digest were made in versions 1.3.31 and 1.3.32 of Apache
(CAN-2003-0987). This update corrects the replay problem in
mod_digest_apple authentication using the modifications made to Apache
1.3.32.


• Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2003-0020, CAN-2003-0987, CAN-2004-0174, CAN-2004-0488,
CAN-2004-0492, CAN-2004-0885, CAN-2004-0940
Impact: Multiple vulnerabilities in Apache and mod_ssl including local
privilege escalation, remote denial of service and in some modified
configurations execution of arbitrary code.
Description: The Apache Group fixed a number of vulnerabilities between
versions 1.3.29 and 1.3.33. The Apache Group security page for Apache
1.3 is located at http://www.apacheweek.com/features/security-13. The
previously installed version of Apache was 1.3.29. The default
installation of Apache does not enable mod_ssl. This update fixes all of
the applicable issues by updating Apache to version 1.3.33 and the
companion mod_ssl to version 2.8.22.


• Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1083
Impact: Apache configurations did not fully block access to ".DS_Store"
files or those starting with ".ht".
Description: A default Apache configuration blocks access to files
starting with ".ht" in a case sensitive way. The Apple HFS+ filesystem
performs file access in a case insensitive way. The Finder may also
create .DS_Store files containing the names of files in locations used
to serve web pages. This update modifies the Apache configuration to
restrict access to all files beginning with ".ht" or ".DS_S" regardless
of capitalization.


• Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1084
Impact: File data and resource fork content can be retrieved via HTTP
bypassing normal Apache file handlers.
Description: The Apple HFS+ filesystem permits files to have multiple
data streams. These data streams can be directly accessed using special
filenames. A specially crafted HTTP request can bypass an Apache file
handler and directly access file data or resource fork content. This
update modifies the Apache configuration to deny requests for file data
or resource fork content via their special filenames. For more
information, see this document. Credit to NetSec for reporting this
issue.


• Apache 2
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0747, CAN-2004-0786, CAN-2004-0751, CAN-2004-0748
Impact: Modified Apache 2
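
The CAN-2004-1083 entry quoted above comes down to a case-sensitive deny rule sitting in front of a case-insensitive filesystem. The sketch below is an added example, not part of the original post or of Apple's update: it checks a constructed list of requested names against a rule of each kind and reports which requests pass the rule yet still open a protected file. The two regular expressions, the file list and the function names are assumptions made for illustration.

```python
import re

# Case-sensitive rule in the style of the default config: names starting ".ht".
CASE_SENSITIVE_RULE = re.compile(r"^\.ht")
# Rule matching the update's description: ".ht" or ".DS_S", any capitalization.
# (Illustrative pattern, not copied from Apple's configuration.)
CASE_INSENSITIVE_RULE = re.compile(r"^\.(ht|ds_s)", re.IGNORECASE)

# Constructed sample: files present in a served directory.
ON_DISK = [".htaccess", ".htpasswd", ".DS_Store", "index.html"]
# Constructed sample: names as they might appear in requests.
REQUESTS = [".htaccess", ".HTACCESS", ".Htpasswd",
            ".DS_Store", ".ds_store", "index.html"]

PROTECTED_PREFIXES = (".ht", ".ds_s")


def resolve_case_insensitive(requested, on_disk):
    """Return the on-disk name a case-insensitive volume would open, or None."""
    for name in on_disk:
        if name.lower() == requested.lower():
            return name
    return None


def leaked(requests, rule, on_disk=ON_DISK):
    """List (requested, opened) pairs that slip past `rule` to a protected file."""
    results = []
    for req in requests:
        if rule.search(req):
            continue  # the deny rule matched; the server refuses the request
        opened = resolve_case_insensitive(req, on_disk)
        if opened and opened.lower().startswith(PROTECTED_PREFIXES):
            results.append((req, opened))
    return results


if __name__ == "__main__":
    print("case-sensitive rule leaks:  ", leaked(REQUESTS, CASE_SENSITIVE_RULE))
    print("case-insensitive rule leaks:", leaked(REQUESTS, CASE_INSENSITIVE_RULE))
```

The same comparison can be run against any deny pattern in a server configuration by swapping in its regular expression and a listing of the document root.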
 
 
 

Post by M-M » Sat, 04 Dec 2004 10:43:37

Thanks for the heads-up.

Time to change your x-face. You lost.

m-m

 
 
 

Post by richard sc » Sat, 04 Dec 2004 11:09:30


We all lost, but some of us haven't realized it yet. There's still time
to impeach the little bastard.

ObMacContent: eh, why bother.
 
 
 

Post by mike » Sat, 04 Dec 2004 11:24:21


Has the right to express an anti-Bush opinion been taken away already?

--
Mike Rosenberg
< http://www.yqcomputer.com/ > Macintosh consulting services for NE Florida
< http://www.yqcomputer.com/ > Tribute to Humphrey Bogart
Toyota Prius fans: Check out alt.autos.toyota.prius
 
 
 

Post by Keeper of » Sat, 04 Dec 2004 11:29:57

In article <1go6qz0.144o88y98piz4N% XXXX@XXXXX.COM >, Mike




Depends. What about the right to express a pro-Bush one?

--
"No urban night is like the night [in NYC]...here is our poetry, for we have
pulled down the stars to our will."
- Ezra Pound, poet and critic, 9/18/1912, reflecting on New York City
 
 
 

Post by mike » Sat, 04 Dec 2004 11:45:16


I've seen quite a few examples of people being told to get rid of an
anti-Bush signature and now an x-face, but I haven't once seen anyone
being told to get rid of a pro-Bush one.

--
Mike Rosenberg
< http://www.yqcomputer.com/ > Macintosh consulting services for NE Florida
< http://www.yqcomputer.com/ > Tribute to Humphrey Bogart
Toyota Prius fans: Check out alt.autos.toyota.prius
 
 
 

Post by Keeper of » Sat, 04 Dec 2004 11:47:42

In article <1go6sd2.ev8rxg1j2374sN% XXXX@XXXXX.COM >, Mike




So far...

--
"No urban night is like the night [in NYC]...here is our poetry, for we have
pulled down the stars to our will."
- Ezra Pound, poet and critic, 9/18/1912, reflecting on New York City
 
 
 

Post by M-M » Sat, 04 Dec 2004 11:53:39

In article < XXXX@XXXXX.COM >,



Impeach? HA!

Earth to richard schumacher...

m-m
 
 
 

Post by Bev A. Kup » Sat, 04 Dec 2004 12:03:08

On Fri, 03 Dec 2004 01:43:37 GMT,



No, the United States of America did.

--
Many a smale maketh a grate -- Geoffrey Chaucer
 
 
 

Post by richard sc » Sat, 04 Dec 2004 12:17:23


Security update completed, rebooted, no problem mon.
 
 
 

Post by Tim McNama » Sat, 04 Dec 2004 12:58:15

M-M < XXXX@XXXXX.COM > writes:



Why not? If Bill Clinton can be impeached for lying about a *** ,
George W. Bush can be impeached for starting a war based on lies and
costing upwards of 130,000 lives, being an economic nincompoop and
creating the most massive deficit spending in human history, and
generally lying to the American people at every turn and failing to
uphold his oath of office.

But fortunately for George, the Republican majority in Congress is in
cahoots with him and the Democrats are idiots. So he's safe from
impeachment for at least two years. Two years after that and it'll be
President Schwarzenegger's turn.
 
 
 

Post by Mike » Sat, 04 Dec 2004 13:58:06

In article < XXXX@XXXXX.COM >,




No, the minority lost. The majority won. Get over it already.

Mike
 
 
 

Post by Michelle S » Sat, 04 Dec 2004 14:22:23

In article
< XXXX@XXXXX.COM >,



The X-face remains. That guy needs to be impeached for the sake of the
nation and of the world.

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.
 
 
 

Post by Michelle S » Sat, 04 Dec 2004 14:24:08

In article < XXXX@XXXXX.COM >,



It would take a constitutional amendment for him to be eligible to be
president.

--
Stop Mad Cowboy Disease: Impeach the son of a Bush.
 
 
 

Post by M-M » Sat, 04 Dec 2004 14:44:06

In article < XXXX@XXXXX.COM >,



I found your picture, Michelle:

http://www.yqcomputer.com/
atic-party.jpg

m-m