Alert GCSA-08050 - Apple Security Update 2008-003
******************************************************************
Alert ID : GCSA-08050
Date : 30 May 2008
Title : Apple Security Update 2008-003
******************************************************************
:: Problem description
Apple has released Security Update 2008-003 to fix several
vulnerabilities affecting the Mac OS X operating system and
some applications distributed with the system itself.
:: Affected software:
Apple Mac OS X versions prior to 10.5.3
Apple Mac OS X Server versions prior to 10.4.11
* AFP Server
* Apache
* AppKit
* Apple Pixlet Video
* ATS
* CFNetwork
* ClamAV
* CoreFoundation
* CoreGraphics
* CoreTypes
* CUPS
* Flash Player Plugin
* Help Viewer
* iCal
* International Components for Unicode
* Image Capture
* ImageIO
* Kernel
* LoginWindow
* Mail
* ruby
* Single Sign-On
* Wiki Server
:: Impact
denial-of-service
system shutdown
disclosure of sensitive information
bypass of security restrictions
compromise of a vulnerable system
arbitrary code execution
:: Solutions
Apply Security Update 2008-003 through the 'Software Update'
tool or download it from Apple Downloads:
Security Update 2008-003 (PPC):
http://www.apple.com/support/downloads/securityupdate2008003ppc.html
Security Update 2008-003 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008003serverppc.html
Security Update 2008-003 Server (Universal):
http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html
Security Update 2008-003 (Intel):
http://www.apple.com/support/downloads/securityupdate2008003intel.html
Mac OS X 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosx1053comboupdate.html
Mac OS X 10.5.3 Update:
http://www.apple.com/support/downloads/macosx1053update.html
Mac OS X Server 10.5.3 Combo Update:
http://www.apple.com/support/downloads/macosxserver1053comboupdate.html
Mac OS X Server 10.5.3 Update:
http://www.apple.com/support/downloads/macosxserver1053update.html
:: References
Apple - About the Security Update 2008-003
http://support.apple.com/kb/HT1897
FrSirt
http://www.frsirt.com/english/advisories/2008/1697/
Secunia
http://secunia.com/advisories/29420/
Security Focus
http://www.securityfocus.com/bid/29412
http://www.securityfocus.com/bid/26840
http://www.securityfocus.com/bid/28632
http://www.securityfocus.com/bid/28633
http://www.securityfocus.com/bid/28629
US-CERT - Technical Cyber Security Alert TA08-079A
http://www.uscert.gov/cas/techalerts/TA08-150A.htmll
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1579