Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL

• Previous message: bugzillaat_private: "[Full-Disclosure] [RHSA-2003:095-02] New samba packages fix security vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Forwarded message from Product Security <product-securityat_private> -----

Date: Mon, 24 Mar 2003 14:44:36 -0800
Subject: APPLE-SA-2003-03-24 Samba, OpenSSL
From: Product Security <product-securityat_private>
To: <security-announceat_private>
Message-ID: <BAA4CA53.A2%product-securityat_private>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-24 Samba, OpenSSL

Security Update 2003-03-24 is now available.  It contains fixes for
recent vulnerabilities in:

   * OpenSSL:  Fixes CAN-2003-0147, a timing attack on RSA keys.

   * Samba:  Fixes CAN-2003-0085 and CAN-2003-0086 which could allow
unauthorized remote access to the host system.  The built-in Windows
file sharing in Mac OS X is based on Samba.  Windows file sharing is
off by default in Mac OS X, but it is recommended that all users
install this Security Update.

Note:  This update only applies the security fixes to the
currently-shipping 2.2.3 version of Samba on Mac OS X 10.2.4, and the
Samba version is otherwise unchanged.  The presence of the following
file indicates that the update has been applied:
/Library/Receipts/SecurityUpd2003-03-24.pkg


Affected systems:  Mac OS X 10.2.4 and earlier
                   Mac OS X Server 10.2.4 and earlier

System requirements:  Mac OS X 10.2.4 or Mac OS X Server 10.2.4

Customers with earlier Mac OS X versions are encouraged to either
upgrade to Mac OS X 10.2.4, or visit the Samba and OpenSSL web sites
for information on the available fixes.

Security Update 2003-03-24 may be obtained from:

  * Software Update pane in System Preferences

  * Apple's Software Downloads web site:
      http://www.info.apple.com/kbnum/n120199

To help verify the integrity of Security Update 2003-03-24 from the
Software Downloads web site:

   The download file is titled:  SecurityUpd2003-03-24.dmg
   Its SHA-1 digest is:  0a80081453bca85493fcbaccd6adad222b41809e

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPn+J9yFlYNdE6F9oAQLn5wgAovbpUeGt5l94+F0uo+bbF6Qfb/WVG5Kk
3sciromi3Jo/UnAGWyloFU/o1DZeyqqBgZiqGucwXC2T6M9mkIlf2qSFchkWcyBm
atau0h0ey1gd7KNrfXszwb41jxal4WqYw/rg2h0Dgf+gKZ+ZKd5DDFTuIbCu9jWO
vB7+mW3WJ2zopRjXwEwOTkZApq2wH0DEUbK+R3Qg7B0LvLwKnOK6ATHbN7p2Y7zi
itVYrEcNR5bPDBVu1rzv5TiwoqNrDjBpuuTRvekpK5eugXRCHXhjlZ+XimafvKrj
RwnD3zM+E+vPeDiEL0/dnY+sQ3zyadZxZO8NyFFtmOQEMj/ANeot/A==
=065h
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announceat_private
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


----- End forwarded message -----

• Next message: Sir Mordred: "@(#)Mordred Labs advisory - Integer overflow in PHP socket_iovec_alloc() function"
• Previous message: bugzillaat_private: "[Full-Disclosure] [RHSA-2003:095-02] New samba packages fix security vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 07:50:37 PST