---- Original Message ---- From: Product Security Date: Fri 8/2/02 20:02 To: security-announceat_private Subject: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl -----BEGIN PGP SIGNED MESSAGE----- Security Update 2002-08-02 is now available. It contains fixes for recent vulnerabilities in: OpenSSL: Fixes security vulnerabilities CAN-2002-0656, CAN-2002-0657, CAN-2002-0655, and CAN-2002-0659. Details are available via: http://www.cert.org/advisories/CA-2002-23.html mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the mod_ssl Apache module. Details are available via: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653 Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR decoder. Details are available via: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 Affected systems: Mac OS X client and Mac OS X Server Note: Mac OS X client is configured by default to have these services turned off, and is only vulnerable if the user has enabled network services which rely on the affected components. It is still recommended for Mac OS X client users to apply this security update to their system. System requirements: Mac OS X 10.1.5 Security Update 2002-08-02 may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: http://docs.info.apple.com/article.html?artnum=120139 SSL server: https://depot.info.apple.com/security/129403bc5e184e3b7367.html To help verify the integrity of Security Update 2002-08-02 from the Software Downloads web site: The download file is titled: SecurityUpd2002-08-02.dmg Its SHA-1 digest is: 54f6eebe0398181db8f1129403bc5e184e3b7367 Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.3 iQEVAwUBPUsLOiFlYNdE6F9oAQGAigf+JV+lazuko1g4oZSNFTd2puXCtOGQ0M8c 2cZ/BdaEBA8jLGrPkhWuvmMwpN9z6G9chnN8s9EXiavcBG5e/ejtTo3ZHoOGP7bg 789zLQLK2JTB75nc0fNyx2CdfHlEIM00v8c2jXySLlnqF+kzwqVnjUL7i2O97Fk5 tWXLc2dWK2Nf2SUk0/yLgfjceZKEPCPXTpuKYuah/w9NwzL+LsbPcfXA/H1f4ngc vRPc2sn2HYu9IJw/BrMEsDlS8IWHf6ozXdZ9qaVCVRrZlsd9gSSmB2Jba4be/MRX FauTTepMF9+JfCkx+2wtpwWhBcXoJnjwIZXOXwbbRjqXHmzzgu8D/Q== =fdGO -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announceat_private Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security- announce Do not post admin requests to the list. They will be ignored.
This archive was generated by hypermail 2b30 : Sat Aug 03 2002 - 10:17:04 PDT