Alert GCSA-08028 - Apple Security Update 2008-002
******************************************************************
Alert ID : GCSA-08028
Date : 21 March 2008
Title : Apple Security Update 2008-002
******************************************************************
:: Problem description
Apple has released Security Update 2008-002 to fix
several vulnerabilities affecting the Mac OS X operating system
and some applications distributed with the system itself.
:: Affected software:
Apple Mac OS X versions up to and including 10.4.11, and v. 10.5.2
Apple Mac OS X Server versions prior to 10.4.11, and v. 10.5.1
* AFP Client
* AFP Server
* Apache
* AppKit
* Application Firewall
* CFNetwork
* ClamAV
* CoreFoundation
* CoreServices
* CUPS
* curl
* Emacs
* file
* Foundation
* Help Viewer
* Image Raw
* Kerberos
* libc
* mDNSResponder
* notifyd
* OpenSSH
* pax
* PHP
* Podcast Producer
* Preview
* Printing
* System Configuration
* UDF
* Wiki Server
* X11
:: Impact
denial of service
disclosure of sensitive information
bypass of security restrictions
compromise of a vulnerable system
arbitrary code execution
:: Solutions
Apply Security Update 2008-002 using the 'Software Update'
tool, or download it from Apple Downloads:
Security Update 2008-002 v1.0 (PPC):
http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html
Security Update 2008-002 v1.0 (Universal):
http://www.apple.com/support/downloads/securityupdate2008002v10universal.html
Security Update 2008-002 v1.0 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html
Security Update 2008-002 v1.0 Server (Leopard):
http://www.apple.com/support/download...ityupdate2008002v10serverleopard.html
Security Update 2008-002 v1.0 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html
Security Update 2008-002 v1.0 Server (Universal):
http://www.apple.com/support/download...yupdate2008002v10serveruniversal.html
:: References
Apple - About the Security Update 2008-002
http://docs.info.apple.com/article.html?artnum=307562
FrSirt
http://www.frsirt.com/english/advisories/2008/0924
Secunia
http://secunia.com/advisories/29420/
Security Focus
http://www.securityfocus.com/bid/28365
http://www.securityfocus.com/bid/28344
http://www.securityfocus.com/bid/28345
http://www.securityfocus.com/bid/28343
http://www.securityfocus.com/bid/28340
http://www.securityfocus.com/bid/28339
http://www.securityfocus.com/bid/28341
http://www.securityfocus.com/bid/28323
US-CERT - Technical Cyber Security Alert TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1000