SillyDog701

by **Antony** » Wed 01 Mar, 2006 6:22 pm

Apple released Security Update 2006-001 Mac OS X 10.4.5

About Security Update 2006-001 Mac OS X 10.4.5 (PPC)
Security Update 2006-001 is recommended for all users and improves the security of the following components.

apache_mod_php
automount
Bom
Directory Services
iChat
IPSec
LaunchServices
LibSystem
loginwindow
OpenSSH
rsync
Safari
Syndication

For detailed information on this Update, please visit this website: http://docs.info.apple.com/article.html?artnum=61798

Security Update 2006-001 Mac OS X 10.4.5 (PPC) (12.5 MB)
:dl:

Security Update 2006-001 Mac OS X 10.4.5 Client (Intel) (22.5 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8

by **J-M** » Wed 01 Mar, 2006 6:32 pm

Serious flaw in Safari browser (see http://sillydog.org/forum/viewtopic.php?t=10910 for details) has been reportedly fixed as well:

Report from SANS Internet Storm Center
http://isc.sans.org/diary.php?storyid=1160

ISC says iChat and Mail are also immune now. Time to patch:
http://www.apple.com/support/downloads/

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

by **Antony** » Wed 01 Mar, 2006 6:34 pm

Thanks for confirming Safari and iChat, Mail security related issues, J-M.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8

by **Antony** » Wed 01 Mar, 2006 7:35 pm

Security Update 2006-001 for Mac OS X 10.3.9 Panther users is also available.

Security Update 2006-001(10.3.9 Client)

About Security Update 2006-001 (Panther Client)
Security Update 2006-001 is recommended for all users and improves the security of the following components.

apache_mod_php
automount
Bom
Directory Services
IPSec
LibSystem
loginwindow
perl
Safari

Additionally, Security Update 2005-008 and Security Update 2005-009 have been incorporated into this security update.

For detailed information on this Update, please visit this website: http://docs.info.apple.com/article.html?artnum=61798

Security Update 2006-001(10.3.9 Client) (25.3 MB)

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8

by **J-M** » Thu 02 Mar, 2006 8:52 am

There is an exploit code for "passwd" program temporary file creation vulnerability published too.

Details at
http://www.frsirt.com/english/advisories/2006/0791

-> see The fourth issue...

Code was published at
http://www.frsirt.com/exploits/20060301 ... swd.pl.php

late on Wednesday.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

by **J-M** » Thu 02 Mar, 2006 8:56 am

More information about these security issues has been published at Secunia Advisory SA19064; see
http://secunia.com/advisories/19064/

FrSIRT has its advisory FrSIRT/ADV-2006-0791 located at
http://www.frsirt.com/english/advisories/2006/0791

Both of these have highest severity level in use; Secunia says Extremely Critical (5/5) and FrSIRT Critical Risk (4/4).

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

by **Pu7o** » Fri 03 Mar, 2006 4:17 am

The Panther version of the security update seems to bump the Safari useragent to v312.6.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6

SillyDog701

Security Update 2006-001 available

Security Update 2006-001 available

Who is online