SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple Mac OS X Has Unspecified Flaws in Package Installation
SecurityTracker Alert ID:  1010331
SecurityTracker URL:  http://securitytracker.com/id/1010331
CVE Reference:   CVE-2004-0516, CVE-2004-0517   (Links to External Site)
Updated:  Jun 3 2004
Original Entry Date:  May 29 2004
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Mac OS X prior to 10.3.4
Description:   A vulnerability was reported in Apple's Mac OS X in package installation. The impact was not specified.

Apple reported that there are two package installation security issues, one involving package installation scripts [CVE: CVE-2004-0516] and the other involving the handling of process IDs during package installation [CVE: CVE-2004-0517].

No further details were provided.

The vendor credits aaron@vtty.com with reporting these isssues.

Impact:   The impact was not specified.
Solution:   Apple has released a fix as part of Mac OS X 10.3.4, available at:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

Updating from Mac OS X 10.3.3

http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXUpdate10.3.4.dmg"
Its SHA-1 digest is: dd2e1576cfd2792f0c012d552d41556192ce7415

Updating from Mac OS X 10.3 - 10.3.2

http://www.apple.com/support/downloads/macosxcombined1034update.html
The download file is named: "MacOSXUpdateCombo10.3.4.dmg"
Its SHA-1 digest is: 061a2560cdd239e8d60e36678a3ea31d1aef5534

Updating from Mac OS X Server 10.3.3

http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXServerUpdate10.3.4.dmg"
Its SHA-1 digest is: c9d04735eb1b381fe8786cc1424fa734abb28c32

Updating from Mac OS X Server 10.3 - 10.3.2

http://www.apple.com/support/downloads/macosxcombinedserver1034update.html
The download file is named: "MacOSXSrvrUpdCombo10.3.4.dmg"
Its SHA-1 digest is: 2579754ab996c4e070bd3bd7c3789792754e6adc

Vendor URL:  docs.info.apple.com/article.html?artnum=61798 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2004-05-28 Mac OS X 10.3.4


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-05-28 Mac OS X Update 10.3.4

Mac OS X Update 10.3.4 is now available and contains security
enhancements for the following:

NFS: Improves logging when tracing system calls.  Credit to David
Brown <dave@spoonguard.org> for reporting this issue.

LoginWindow: Improves the handling of directory services lookups and
console log files.  Credit to aaron@vtty.com for reporting the issue.

Packaging: Improves package installation.  Credit to aaron@vtty.com
for reporting the isssue.

TCP/IP: provides better handling of out-of-sequence TCP packets.

AppleFileServer: Improves the use of SSH and reporting errors.

Terminal: Improves the handling of URLs.  Credit to Rene Puls
<rpuls@gmx.net> for reporting this issue.

Note:  CVE Candidate IDs will be published to the Security Updates
page when available:
http://docs.info.apple.com/article.html?artnum=61798

================================================

Mac OS X 10.3.4 may be obtained from:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

Updating from Mac OS X 10.3.3
=============================
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXUpdate10.3.4.dmg"
Its SHA-1 digest is: dd2e1576cfd2792f0c012d552d41556192ce7415

Updating from Mac OS X 10.3 - 10.3.2
====================================
http://www.apple.com/support/downloads/macosxcombined1034update.html
The download file is named: "MacOSXUpdateCombo10.3.4.dmg"
Its SHA-1 digest is: 061a2560cdd239e8d60e36678a3ea31d1aef5534

Updating from Mac OS X Server 10.3.3
====================================
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXServerUpdate10.3.4.dmg"
Its SHA-1 digest is: c9d04735eb1b381fe8786cc1424fa734abb28c32

Updating from Mac OS X Server 10.3 - 10.3.2
===========================================
http://www.apple.com/support/downloads/macosxcombinedserver1034update.
html
The download file is named: "MacOSXSrvrUpdCombo10.3.4.dmg"
Its SHA-1 digest is: 2579754ab996c4e070bd3bd7c3789792754e6adc

Information will also be posted to the Apple Product Security web
site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQLfX+Jyw5owIz4TQAQK+sgf9H3P1/mVZGdqjnejfIezii+jzQnZZaZuv
tCbePSyLEKrn6evHZvUyEdRVIpcbZAU3ymxCNPgg/Mv5gdln/PAdUSYb/wvtUbxM
CB08zYqpD8IsPS5zay8SotYPJsXw+RagbI4zjB8i+mm9Wep/R/zu/iC0G/3/6ItN
qeD8hTF0spGqSrGR0XAUiIBKmUCvel4KFcvxADwGrjCjCUOleQlwE8+nkdUc3/Cd
53oREzuqsboTjaQOcqAToj9n9JzT9R5Oip0PngkXOloAp8ITKQAj6kLrAYMxTe5l
piMH6xElS8VydC7M1wZchUxYHdhKFtlHC/6fWPP/k2vT/QGyt7+pWA==
=C0Or
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC