Security Update
A security update is on its way: quoting from TUAW.
Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities including a number of core unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:
Alias Manager. Impact: Users may be misled into opening a substituted file
BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service
CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service
fetchmail. Impact: fetchmail password disclosure may be possible
file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
PPP. Impact: A local user may obtain system privileges
ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library
screen. Impact: Multiple denial of service vulnerabilities in GNU Screen
texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten
VPN. Impact: A local user may obtain system privileges
Anyone who does not accept criticism or discussion and does everything to avoid them is a charlatan, tell them to stop!!!
Thanks
Let's download!
Security Update 2007-005 is recommended for all users and improves the security of the following components:
bind
CarbonCore
CoreGraphics
crontabs
fetchmail
file
iChat
mDNSResponder
PPP
ruby
screen
texinfo
VPN
This update incorporates Security Update 2007-004.
For detailed information on this update, see the website: http://docs.info.apple.com/article.html?artnum=61798-it.
Whoever copies is a charlatan. Tell them to stop! - Gianni Cresci
Re: Security Update
Thanks for the heads-up... going ahead!
Edit: the restart was "double" and rather long (iMac G5 10.4.9)
If your kids want to paint their bedrooms, as a favor to me, let ‘em do it.
Randy Pausch
Veeeery slow restart. What's more, after five minutes of the spinning wheel, I had to do a shutdown. (MBP 15" 10.4.9)

Memento gAudere Semper
---------------------------------------
What has always and everywhere hindered me in real life has been my inability to form a true idea of the pettiness and baseness of men. (A. Schopenhauer)
Everything OK (apart from the heart-attack-inducing double restart) on the G4
Whoever copies is a charlatan. Tell them to stop! - Gianni Cresci
Security Update 2007-005 v1.1 (Universal)
Security Update 2007-005 v1.1 (PPC)
Version 1.1 of Security Update 2007-005!
Security Update 2007-006
What's New
WebCore
CVE-ID: CVE-2007-2401
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
WebKit
CVE-ID: CVE-2007-2399
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 or later, Mac OS X Server v10.4.9 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
This document describes Security Update 2007-006, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
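An added example (not part of the original post, and not WebKit's code) of the kind of header validation the CVE-2007-2401 description refers to, next to a serializer that performs none. The advisory does not say which characters were mishandled; the CR/LF case, the function names and the sample headers here are assumptions.

```javascript
// Added example: validate header parameters before serializing a request.
// Assumption: the injection vector is CR/LF (or other control characters)
// in a header name or value; the advisory quoted above gives no detail.

// Header field names must be RFC 7230 "token" characters.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Control characters other than horizontal tab are rejected in field values.
const BAD_VALUE = /[\u0000-\u0008\u000A-\u001F\u007F]/;

function validateHeader(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) {
    throw new TypeError("invalid header name");
  }
  if (typeof value !== "string" || BAD_VALUE.test(value)) {
    throw new TypeError("invalid header value");
  }
}

// Serializer without validation: concatenates whatever the caller supplied.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Serializer with validation: every header is checked before any output.
function serializeChecked(method, path, headers) {
  for (const [name, value] of headers) validateHeader(name, value);
  return serializeNaive(method, path, headers);
}

// Count header lines the way a receiving parser would split them.
function countHeaderLines(request) {
  const head = request.split("\r\n\r\n")[0];
  return head.split("\r\n").length - 1; // exclude the request line
}

// Constructed sample: two headers supplied, the second carries a CR/LF.
const CONSTRUCTED_HEADERS = [
  ["Accept", "text/html"],
  ["X-Note", "a\r\nX-Extra: b"],
];
```

With the constructed input, the unvalidated serializer emits three header lines for two supplied headers, while the validating one throws before writing anything.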