AusCERT - AU-2007.0028 -- AusCERT Update - [OSX] - Apple Security Update 2007-09 v1.1

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
AU-2007.0028 -- AusCERT Update - [OSX] - Apple Security Update 2007-09 v1.1
Date: 24 December 2007
References: ESB-2008.0054 ESB-2008.0189 ESB-2008.0406

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2007.0028 - [OSX]
Apple Security Update 2007-09 v1.1
24 December 2007        AusCERT Update Summary
        ----------------------

Product:              Address Book
                      CFNetwork
                      ColorSync
                      Core Foundation
                      CUPS
                      Desktop Services
                      Flash Player Plug-in
                      GNU Tar
                      iChat
                      IO Storage Family
                      Launch Services
                      Mail
                      perl
                      python
                      Quick Look
                      ruby
                      Safari
                      Samba
                      Shockwave Plug-in
                      SMB
                      Software Update
                      Spin Tracer
                      Spotlight
                      tcpdump
                      XQuery
Publisher:            Apple
Operating System:     Mac OS X
Impact:               Root Compromise
                      Execute Arbitrary Code/Commands
                      Overwrite Arbitrary Files
                      Access Privileged Data
                      Cross-site Scripting
                      Denial of Service
                      Provide Misleading Information
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2007-6165 CVE-2007-6077 CVE-2007-5863
                      CVE-2007-5861 CVE-2007-5860 CVE-2007-5859
                      CVE-2007-5858 CVE-2007-5857 CVE-2007-5856
                      CVE-2007-5855 CVE-2007-5854 CVE-2007-5853
                      CVE-2007-5851 CVE-2007-5850 CVE-2007-5849
                      CVE-2007-5848 CVE-2007-5847 CVE-2007-5770
                      CVE-2007-5476 CVE-2007-5398 CVE-2007-5380
                      CVE-2007-5379 CVE-2007-5116 CVE-2007-4965
                      CVE-2007-4768 CVE-2007-4767 CVE-2007-4766
                      CVE-2007-4710 CVE-2007-4709 CVE-2007-4708
                      CVE-2007-4572 CVE-2007-4351 CVE-2007-4138
                      CVE-2007-4131 CVE-2007-3876 CVE-2007-3798
                      CVE-2007-1662 CVE-2007-1661 CVE-2007-1660
                      CVE-2007-1659 CVE-2007-1218 CVE-2006-0024

Ref:                  ESB-2007-1019

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=307179

Comment: A new release of the security fix has been released to address
         issues introducted in security update 2007-009.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security Update 2007-009 v1.1

Security Update 2007-009 v1.1 is now available for Mac OS X v10.5.1
and Mac OS X v10.4.11.  It addresses an issue introduced in Security
Update 2007-009 that causes an unexpected termination of the Safari
application when browsing to certain web sites.

There is no change to the security content provided in Security
Update 2007-009.  The security content of Security Update 2007-009
and Security Update 2007-009 v1.1 is available via
http://docs.info.apple.com/article.html?artnum=307179

Security Update 2007-009 v1.1 will install over Security Update
2007-009, and its installation is recommended to correct the Safari
issue.

Systems that have not yet installed Security Update 2007-009 only
need to install Security Update 2007-009 v1.1.

Security Update 2007-009 v1.1 may be obtained from the
Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5.1
The download file is named:  "SecUpd2007-009.dmg"
Its SHA-1 digest is: 0ba35ef30a525792f1d4015395997b42f524dd38

For Mac OS X v10.4.11 (Universal)
The download file is named:  "SecUpd2007-009Univ.dmg"
Its SHA-1 digest is: 49f52d4f647ea4a1fabef34cccac263bfd03791a

For Mac OS X v10.4.11 (PPC)
The download file is named:  "SecUpd2007-009Ti.dmg"
Its SHA-1 digest is: d1c5c4bc23267dd846bb96e7be69b084579c1bba

Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBR2yHqcgAoqu4Rp5tAQiGwQf/Xa8F0NLAhcttdbfOhHwSKY1/Lei5EOdf
y4iA/7GEloHMHwJNk1TiScQSPYdQ1FIvLaucCrdix1QubNdNj1aOReajz3kkpUKB
9cznYdan24Ic5ZeB82eK2nXMaANyRx5egHkir3BjAkg6kGu4AooBh9YXzUeV0sW0
w+YDb2i+90Hih6OGFg8WOFcaHzvttylQ76Q1inbKrnR9yEoleBGz4tsDn4wH6/dI
P/7MqLZnJgJBaQNjGYlR7/nuB1RNS6ZVi766OvZs5p5m1c2/Pr9raEK1DNsaZuZp
Ths7PAtalMPqo94ilQgJbCKMak+CumIgkFtkHUfOjNNtnDBtQwNxZg==
=sHBj
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR28Q/ih9+71yA2DNAQJzHQQAlmwrt81ldX0WyGXbo2AKDe4psPM+X8t6
+wF0yrOoqthY5WbXxFpKqTnxqgdLXL0kxTgP0ZU9afVy5Lblysn2G3zPmHI7XKKM
zLLyyAdsYll0p8ce5WArIwN2fdN1TtiJLYnsJ7Rd/vKyw2uQYPFuzQA78MDUQhCJ
ZZfIsNfUjyo=
=/fx1
-----END PGP SIGNATURE-----