Fwd: APPLE-SA-2003-03-03 sendmail

From: Bryan Blackburn (blbat_private)
Date: Mon Mar 03 2003 - 16:46:50 PST

  • Next message: Muhammad Faisal Rauf Danka: "Fwd: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail" 

    ----- Forwarded message from Product Security <product-securityat_private> -----

Return-Path: <security-announce-adminat_private>
Date: Mon, 03 Mar 2003 14:09:17 -0800
Subject: APPLE-SA-2003-03-03 sendmail
From: Product Security <product-securityat_private>
To: <security-announceat_private>
Message-ID: <BA89128D.8A%product-securityat_private>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
List-Subscribe: <http://www.lists.apple.com/mailman/listinfo/security-announce>,
	<mailto:security-announce-requestat_private?subject=subscribe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-03 sendmail

Security Update 2003-03-03 is now available.  It contains fixes for the
following potential security issues:

* Sendmail:  Fixes CAN-2002-1337 where a remote attacker could gain
elevated privileges on affected hosts.  Sendmail is not enabled by
default on Mac OS X, so only those systems which have explictly enabled
sendmail are vulnerable.  All customers of Mac OS X, however, are
encouraged to apply this update.

* OpenSSL:  Fixes CAN-2003-0078, where it is theoretically possible for
a third-party to extract the original plaintext of encrypted messages
sent over the network.  Security Update 2003-03-03 applies this fix for
Mac OS X 10.2.4, and customers of earlier Mac OS X versions may obtain
the patch from the OpenSSL web site:
http://www.openssl.org/

Security Update 2003-03-03 may be obtained from:

   * Software Update pane in System Preferences
      (updating from Mac OS X 10.1.5 and 10.2.4)

   - OR -

   * Apple's Software Downloads web site:
   
     Updating from Mac OS X 10.2.4:
        http://www.info.apple.com/kbnum/n120195
     The download file is named: "1024SecUpd2003-03-03.dmg"
     Its SHA-1 digest is: 2eb722f340d4e57aa79bb5422b94d556888cbf38

Security Update 2003-03-03 for Mac OS X 10.1.5 is planned to be
available on March 4.

Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPmOrFyFlYNdE6F9oAQKKGwf+M/zZAtIErkTeyAvWvJ/JpltKxCpMDsTv
vl0MBWLg/qtF6ZJdFOkwybpvMMzGK67B6MACH+42NMLPVA61iRLX551B5AYaG9Vv
oBzDff89eMPxl+xcx+JK9mgkXRPkpSWw0XZxvLXagjhfWXlGAZbEF399os+/TTQF
xvWOV4X6/v0D1KPmbOPmgRiOzjprS4cmDrI/LcKVkWFDLJVmDJ2LqoomIQmvldZQ
wC3X/xrIqN0UUI368xfi8MTIIGwQmyNLG4SfqMU1GmyldsNCrRbj0PyQcunfUtmL
pYmN6Lui5HI1QshnEQGrB4pcIpzdUrDsQIkW8yVfVMVHibkN/sTXlw==
=0V8+
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announceat_private
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


----- End forwarded message -----

    This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 07:05:02 PST