Aggiornamento Sicurezza

[Peterpan]

E' in arrivo un aggiornamento di sicurezza: cito da TUAW.

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities including a number of core unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges

[avrobay]

Grazie

Scarichiamo!

Security Update 2007-005 è consigliato a tutti gli utenti e migliora la sicurezza dei seguenti componenti:

bind
CarbonCore
CoreGraphics
crontabs
fetchmail
file
iChat
mDNSResponder
PPP
ruby
screen
texinfo
VPN

A questo aggiornamento è stato incorporato l'aggiornamento Security Update 2007-004.

Per informazioni dettagliate su questo aggiornamento, consulta il sito web: http://docs.info.apple.com/article.html?artnum=61798-it.

[meigel]

Grazie della segnalazione... procedo!

Edit: il riavvio è stato "doppio" e piuttosto lungo (iMac G5 10.4.9)

[Truzzo]

Riavvio mooooolto lento. Vi dirò di più, dopo cinque minuti di rotella che girava, ho dovuto effettuare uno shout down. (MBP 15" 10.4.9)

[avrobay]

Tutto ok (a parte il doppio riavvio-coccolone) sul G4

[Roxx]

anche io 2 riavvii , MacBook Pro 2,16 2 G ram, vecchio di un mese

[maverick]

anche io due riavvi,e anche un pò lenti,imac intel core duo 1,83ghz

[LordSteve]

Security Update 2007-005 v1.1 (Universal)

Security Update 2007-005 v1.1 (PPC)


Versione 1.1 del Security Update 2007-005!

[iGodness]

Security Update 2007-006

What's New

WebCore

CVE-ID: CVE-2007-2401

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-2399

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

This document describes Security Update 2007-006, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

[simulacron]

Scaricato l'aggiornamento 2007-6.......