Alert GCSA-08126 - Apple Security Update 2008-008 / Mac OS X 10.5.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08126
Data : 17 dicembre 2008
Titolo : Apple Security Update 2008-008 / Mac OS X 10.5.6
************************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2008-008 per correggere
varie vulnerabilta' che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
L'update aggiorna il sistema alla versione 10.5.6.
L'aggiornamento riguarda sia i sistemi Intel-based
sia quelli PowerPC-based, nelle versioni client e server.
:: Software interessato
Apple Mac OS X versioni 10.4.11 (Tiger) e precedenti
Apple Mac OS X versioni 10.5.5 (Leopard) e precedenti
:: Impatto
Arbitrary code execution
Sensitive information disclosure
Denial of service
Privilege escalation
Cross Site Scripting
:: Soluzione
Applicare il Security Update 2008-008 attraverso lo strumento
'Software Update' (http://support.apple.com/kb/HT1338)
o scaricandolo da Apple Downloads:
Security Update 2008-008 (Client Intel)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008clientintel.html
Security Update 2008-008 (Client PPC)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008clientppc.html
Security Update 2008-008 (Server Universal)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008serveruniversal.html
Security Update 2008-008 (Server PPC)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008serverppc.html
Apple Support Downloads
http://support.apple.com/downloads/
:: Riferimenti
Apple - About Security Update 2008-008 / Mac OS X v10.5.6
http://support.apple.com/kb/HT3338
Apple Security Updates
http://support.apple.com/kb/HT1222
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824
Secunia
http://secunia.com/advisories/33179/
US-CERT
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUjfU/OB+SpikaiRAQIdXQP/SBzrtpz8TmCmW5eajMDEf9o+stDDgfOM
AP47IJEKjOROPcSTi5LMKMwrrmjtCZsjDPQBozVV2tIfjVfNgQjr/zJAvo+7xOrR
jOMuy4OMkeWnwtPvf5+MA/NOZiChSw7wkpjBHsrYEhCWoDodb4TMkDDWEg32pbSq
y4wAuXjvfp0=
=XFlg
-----END PGP SIGNATURE-----
Hash: SHA1
************************************************************************
Alert ID : GCSA-08126
Data : 17 dicembre 2008
Titolo : Apple Security Update 2008-008 / Mac OS X 10.5.6
************************************************************************
:: Descrizione del problema
Apple ha rilasciato il Security Update 2008-008 per correggere
varie vulnerabilta' che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
L'update aggiorna il sistema alla versione 10.5.6.
L'aggiornamento riguarda sia i sistemi Intel-based
sia quelli PowerPC-based, nelle versioni client e server.
:: Software interessato
Apple Mac OS X versioni 10.4.11 (Tiger) e precedenti
Apple Mac OS X versioni 10.5.5 (Leopard) e precedenti
:: Impatto
Arbitrary code execution
Sensitive information disclosure
Denial of service
Privilege escalation
Cross Site Scripting
:: Soluzione
Applicare il Security Update 2008-008 attraverso lo strumento
'Software Update' (http://support.apple.com/kb/HT1338)
o scaricandolo da Apple Downloads:
Security Update 2008-008 (Client Intel)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008clientintel.html
Security Update 2008-008 (Client PPC)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008clientppc.html
Security Update 2008-008 (Server Universal)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008serveruniversal.html
Security Update 2008-008 (Server PPC)
http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate2008008serverppc.html
Apple Support Downloads
http://support.apple.com/downloads/
:: Riferimenti
Apple - About Security Update 2008-008 / Mac OS X v10.5.6
http://support.apple.com/kb/HT3338
Apple Security Updates
http://support.apple.com/kb/HT1222
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824
Secunia
http://secunia.com/advisories/33179/
US-CERT
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSUjfU/OB+SpikaiRAQIdXQP/SBzrtpz8TmCmW5eajMDEf9o+stDDgfOM
AP47IJEKjOROPcSTi5LMKMwrrmjtCZsjDPQBozVV2tIfjVfNgQjr/zJAvo+7xOrR
jOMuy4OMkeWnwtPvf5+MA/NOZiChSw7wkpjBHsrYEhCWoDodb4TMkDDWEg32pbSq
y4wAuXjvfp0=
=XFlg
-----END PGP SIGNATURE-----