Alert GCSA-07127 Apple Mac OS X Security Update 2007-009
************************************************************************
Alert ID : GCSA-07127
Date : 20 December 2007
Title : Apple Mac OS X Security Update 2007-009
************************************************************************
:: Problem description
Apple has released Security Update 2007-009 to fix
several vulnerabilities affecting the Mac OS X operating system
and some applications distributed with the system itself.
:: Affected software
Apple Mac OS X version 10.4.11 (Tiger) and earlier
Apple Mac OS X version 10.5.1 (Leopard) and earlier
Apple Mac OS X Server version 10.4.11 (Tiger) and earlier
Apple Mac OS X Server version 10.5.1 (Leopard) and earlier
* Address Book            * python
* CFNetwork               * Quick Look
* ColorSync               * ruby
* Core Foundation         * Safari
* CUPS                    * Safari RSS
* Desktop Services        * Samba
* Flash Player Plug-in    * Shockwave Plug-in
* GNU Tar                 * SMB
* iChat                   * Software Update
* IO Storage Family       * Spin Tracer
* Launch Services         * Spotlight
* Mail                    * tcpdump
* perl                    * XQuery
The update applies to both Intel-based
and PowerPC-based systems.
:: Impact
Remote execution of arbitrary code
Access to sensitive information
Denial of Service
:: Solution
Apply the update using the 'Software Update' tool
http://docs.info.apple.com/article.html?artnum=106704
or by downloading it from Apple Downloads
http://www.apple.com/support/downloads/
:: References
Apple - About Security Update 2007-009
http://docs.info.apple.com/article.html?artnum=307179
APPLE-SA-2007-12-17 Security Update 2007-009
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Apple security updates
http://docs.info.apple.com/article.html?artnum=61798
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/26910
http://www.securityfocus.com/bid/26908
http://www.securityfocus.com/bid/26510
US-CERT
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://www.us-cert.gov:80/cas/alerts/SA07-352A.html
CIAC Advisory
http://www.ciac.org/ciac/bulletins/s-090.shtml
Secunia
http://secunia.com/advisories/28136/
FrSirt
http://www.frsirt.com/english/advisories/2007/4238