Mac OS X Safari Has an Unspecified Security Flaw
|
|
SecurityTracker Alert ID: 1009253
|
|
CVE Reference: CAN-2004-0092
(Links to External Site)
|
Date: Feb 28 2004
|
Impact: Not specified
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in the Mac OS X Safari web browser. The impact was not specified.
In January 2004, Apple reported that a security flaw in Safari required a security enhancement. No details were provided.
|
Impact: The impact was not specified.
|
Solution: The vendor has issued a fix as part of Security Update 2004-01-26, availalble at:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120301
The download file is named: "SecurityUpd2004-01-26Pan.dmg"
Its SHA-1 digest is: 8977b3420a6343d53b79f23c409a601d269d87a4
Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120300
The download file is named:
"SecUpdSrvr2004-01-26Pan.dmg"
Its SHA-1 digest is: 15bfa92c439c6fee1e690703359778cefabf58d7
Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120302
The download file is named: "SecurityUpd2004-01-26Jag.dmg"
Its SHA-1 digest is: 365401ca71387a45a34ecab5ec7278b62e3089b3
Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120304
The download file is named: "SecUpdSrvr2004-01-26Jag.dmg"
Its SHA-1 digest
is: 605578cbf0d6005ee5f6b474026b908e47175268
Mac OS X 10.1.5 Client and Server
=================================
http://www.info.apple.com/kbnum/n120303
The download file is named: "SecurityUpd2004-01-26P.dmg"
Its SHA-1 digest is:
7c7f55d675a19957bce3c5aeaa985652a8c59d7b
|
Vendor URL: docs.info.apple.com/article.html?artnum=61798 (Links to External Site)
|
Cause: Not specified
|
Underlying OS: UNIX (OS X)
|
Underlying OS Comments: 10.2.8, 10.3.2
|
Reported By: Apple Product Security <product-security@apple.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 26 Jan 2004 16:26:51 -0800
From: Apple Product Security <product-security@apple.com>
Subject: APPLE-SA-2004-01-26 Security Update 2004-01-26
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2004-01-26 Security Update 2004-01-26
Security Update 2004-01-26 is now available. It contains security
enhancements for the following:
AFP Server: Improves AFP over the 2003-12-19 security update.
Apache 1.3: Fixes CAN-2003-0542, a buffer overflow in the mod_alias
and mod_rewrite modules of the Apache webserver.
Apache 2: Fixes CAN-2003-0542 and CAN-2003-0789 by updating Apache
2.0.47 to 2.0.48. Installed only on Server systems.
Classic: Fixes CAN-2004-0089 to improve the handling of environment
variables. Credit to Dave G. of @stake for reporting this issue.
Mail: Fixes CAN-2004-0085 and CAN-2004-0086 to deliver security
enhancements to Apple's mail application. Credit to Jim Roepcke
for reporting CAN-2004-0086.
Safari: Fixes CAN-2004-0092 by delivering security enhancements to
the Safari web browser.
System Configuration: Fixes CAN-2004-0087 and CAN-2004-0088 where the
SystemConfiguration subsystem allowed remote non-admin users to
change network setting and make configuration changes to configd.
Credit to Dave G. from @stake for reporting these issues.
Windows File Sharing: Fixes CAN-2004-0090 where Windows file sharing
did not shutdown properly.
================================================
Security Update 2004-01-26 is available for the following systems:
- Mac OS X 10.1.5 "Puma" and Mac OS X Server 10.1.5
- Mac OS X 10.2.8 "Jaguar" and Mac OS X Server 10.2.8
- Mac OS X 10.3.2 "Panther" and Mac OS X Server 10.3.2
The Security Updates web page indicates which fixes are available for
each system, as not all issues apply to each system. Security Update
2003-12-19 has been incorporated into this security update for the
Jaguar and Panther systems.
================================================
Security Update 2004-01-26 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120301
The download file is named: "SecurityUpd2004-01-26Pan.dmg"
Its SHA-1 digest is: 8977b3420a6343d53b79f23c409a601d269d87a4
Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120300
The download file is named: "SecUpdSrvr2004-01-26Pan.dmg"
Its SHA-1 digest is: 15bfa92c439c6fee1e690703359778cefabf58d7
Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120302
The download file is named: "SecurityUpd2004-01-26Jag.dmg"
Its SHA-1 digest is: 365401ca71387a45a34ecab5ec7278b62e3089b3
Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120304
The download file is named: "SecUpdSrvr2004-01-26Jag.dmg"
Its SHA-1 digest is: 605578cbf0d6005ee5f6b474026b908e47175268
Mac OS X 10.1.5 Client and Server
=================================
http://www.info.apple.com/kbnum/n120303
The download file is named: "SecurityUpd2004-01-26P.dmg"
Its SHA-1 digest is: 7c7f55d675a19957bce3c5aeaa985652a8c59d7b
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBQBWwCneI0z6bzFr0AQJq2gf9EnXdvmQv32/FEQ7oD2SMr1CRURt8obxD
/71SE+DFNS07eO8UzExNRy490hkTb8sXEpp9jeDu7hTR00ZH4FpzDX0Ydn5x/LGJ
b/wG2w9WgjVjdBKhykANAb8Pomnrm8sTzQvpfXyQmHr9q7Qt5Idcs7pjaU3UK2J4
gAhe48cBdxktBgjktoNHpZ13oF24yVUi4D0PDEdiab4ZDjJu16sox72+1Us/4cEI
xG5womXWxNXV9iF4wQeubEmsgOG+xKA++wY0At204AyR4i2UCPkynZIB7VvJh+nV
js+l4Ry02jtC+Nj50np3mPRvmLZiaC+zJeB8Vdap7m3yKTwLZ8gpFw==
=2ecE
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
