Alert GCSA-08008 Apple Mac OS X v10.5.2 e Security Update 2008-001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08008
Data : 12 febbraio 2008
Titolo : Apple Mac OS X v10.5.2 e Security Update 2008-001
************************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2008-001 per correggere
varie vulnerabilta' che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
Contemporaneamente Apple ha rilasciato anche il Mac OS X 10.5.2 Update
che, oltre alle fix di sicurezza, contiene altre patch e miglioramenti.
:: Software interessato
Apple Mac OS X v10.4.11 (Tiger) e precedenti
Apple Mac OS X v10.5.1 (Leopard) e precedenti
Apple Mac OS X Server v10.4.11 (Tiger) e precedenti
Apple Mac OS X Server v10.5.1 (Leopard) e precedenti
* Directory Services
* Foundation
* Launch Services
* Mail
* NFS
* Open Directory
* Parental Controls
* Samba
* Terminal
* X11
L'aggiornamento riguarda sia i sistemi Intel-based
sia quelli PowerPC-based.
:: Impatto
Security Bypass
Accesso ad informazioni sensibili
Privilege escalation
Denial of Service
Esecuzione remota di codice arbitrario
:: Soluzione
Aggiornare a Mac OS X 10.5.2
Mac OS X 10.5.2 Combo Update
http://www.apple.com/support/downloads/macosx1052comboupdate.html
Mac OS X Server 10.5.2 Combo Update
http://www.apple.com/support/downloads/macosxserver1052comboupdate.html
oppure applicare il Security Update 2008-001 attraverso lo strumento
'Software Update'
http://docs.info.apple.com/article.html?artnum=106704
o scaricarlo da Apple Downloads
Security Update 2008-001 (Universal)
http://www.apple.com/support/downloads/securityupdate2008001universal.html
Security Update 2008-001 (PPC)
http://www.apple.com/support/downloads/securityupdate2008001ppc.html
:: Riferimenti
Apple - About the Security Update 2008-001
http://docs.info.apple.com/article.html?artnum=307430
Apple - About the Mac OS X 10.5.2 Update
http://docs.info.apple.com/article.html?artnum=307109
APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001
http://lists.apple.com/archives/security-announce/2008//Feb/msg00002.html
Apple security updates
http://docs.info.apple.com/article.html?artnum=61798
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0042
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/27736
Secunia
http://secunia.com/advisories/28891/
FrSirt
http://www.frsirt.com/english/advisories/2008/0495
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7GqO/OB+SpikaiRAQJjMwP9G+yi1DpWXl44/1fNyrcA/R7wzg5DMJYv
+AjVY38HCDUSbPE+iPSLIRpFoLGlpc8yP91jyiDYcAWLLxPUT+Kv06WpF4+Cv8kW
aLs8SPxUdxJ8gtA2TodlY4DXxTFgabFG4vG2ukT50n1KeEB11QaOs6B/78eKAngl
+1qxShJpr1Q=
=RdWN
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08008
Data : 12 febbraio 2008
Titolo : Apple Mac OS X v10.5.2 e Security Update 2008-001
************************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2008-001 per correggere
varie vulnerabilta' che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
Contemporaneamente Apple ha rilasciato anche il Mac OS X 10.5.2 Update
che, oltre alle fix di sicurezza, contiene altre patch e miglioramenti.
:: Software interessato
Apple Mac OS X v10.4.11 (Tiger) e precedenti
Apple Mac OS X v10.5.1 (Leopard) e precedenti
Apple Mac OS X Server v10.4.11 (Tiger) e precedenti
Apple Mac OS X Server v10.5.1 (Leopard) e precedenti
* Directory Services
* Foundation
* Launch Services
* NFS
* Open Directory
* Parental Controls
* Samba
* Terminal
* X11
L'aggiornamento riguarda sia i sistemi Intel-based
sia quelli PowerPC-based.
:: Impatto
Security Bypass
Accesso ad informazioni sensibili
Privilege escalation
Denial of Service
Esecuzione remota di codice arbitrario
:: Soluzione
Aggiornare a Mac OS X 10.5.2
Mac OS X 10.5.2 Combo Update
http://www.apple.com/support/downloads/macosx1052comboupdate.html
Mac OS X Server 10.5.2 Combo Update
http://www.apple.com/support/downloads/macosxserver1052comboupdate.html
oppure applicare il Security Update 2008-001 attraverso lo strumento
'Software Update'
http://docs.info.apple.com/article.html?artnum=106704
o scaricarlo da Apple Downloads
Security Update 2008-001 (Universal)
http://www.apple.com/support/downloads/securityupdate2008001universal.html
Security Update 2008-001 (PPC)
http://www.apple.com/support/downloads/securityupdate2008001ppc.html
:: Riferimenti
Apple - About the Security Update 2008-001
http://docs.info.apple.com/article.html?artnum=307430
Apple - About the Mac OS X 10.5.2 Update
http://docs.info.apple.com/article.html?artnum=307109
APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001
http://lists.apple.com/archives/security-announce/2008//Feb/msg00002.html
Apple security updates
http://docs.info.apple.com/article.html?artnum=61798
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0042
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/27736
Secunia
http://secunia.com/advisories/28891/
FrSirt
http://www.frsirt.com/english/advisories/2008/0495
-----BEGIN PGP SIGNATURE-----
iQCVAwUBR7GqO/OB+SpikaiRAQJjMwP9G+yi1DpWXl44/1fNyrcA/R7wzg5DMJYv
+AjVY38HCDUSbPE+iPSLIRpFoLGlpc8yP91jyiDYcAWLLxPUT+Kv06WpF4+Cv8kW
aLs8SPxUdxJ8gtA2TodlY4DXxTFgabFG4vG2ukT50n1KeEB11QaOs6B/78eKAngl
+1qxShJpr1Q=
=RdWN
-----END PGP SIGNATURE-----