----- Forwarded message from Product Security <product-securityat_private> ----- Date: Mon, 24 Mar 2003 14:44:36 -0800 Subject: APPLE-SA-2003-03-24 Samba, OpenSSL From: Product Security <product-securityat_private> To: <security-announceat_private> Message-ID: <BAA4CA53.A2%product-securityat_private> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2003-03-24 Samba, OpenSSL Security Update 2003-03-24 is now available. It contains fixes for recent vulnerabilities in: * OpenSSL: Fixes CAN-2003-0147, a timing attack on RSA keys. * Samba: Fixes CAN-2003-0085 and CAN-2003-0086 which could allow unauthorized remote access to the host system. The built-in Windows file sharing in Mac OS X is based on Samba. Windows file sharing is off by default in Mac OS X, but it is recommended that all users install this Security Update. Note: This update only applies the security fixes to the currently-shipping 2.2.3 version of Samba on Mac OS X 10.2.4, and the Samba version is otherwise unchanged. The presence of the following file indicates that the update has been applied: /Library/Receipts/SecurityUpd2003-03-24.pkg Affected systems: Mac OS X 10.2.4 and earlier Mac OS X Server 10.2.4 and earlier System requirements: Mac OS X 10.2.4 or Mac OS X Server 10.2.4 Customers with earlier Mac OS X versions are encouraged to either upgrade to Mac OS X 10.2.4, or visit the Samba and OpenSSL web sites for information on the available fixes. Security Update 2003-03-24 may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: http://www.info.apple.com/kbnum/n120199 To help verify the integrity of Security Update 2003-03-24 from the Software Downloads web site: The download file is titled: SecurityUpd2003-03-24.dmg Its SHA-1 digest is: 0a80081453bca85493fcbaccd6adad222b41809e Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQEVAwUBPn+J9yFlYNdE6F9oAQLn5wgAovbpUeGt5l94+F0uo+bbF6Qfb/WVG5Kk 3sciromi3Jo/UnAGWyloFU/o1DZeyqqBgZiqGucwXC2T6M9mkIlf2qSFchkWcyBm atau0h0ey1gd7KNrfXszwb41jxal4WqYw/rg2h0Dgf+gKZ+ZKd5DDFTuIbCu9jWO vB7+mW3WJ2zopRjXwEwOTkZApq2wH0DEUbK+R3Qg7B0LvLwKnOK6ATHbN7p2Y7zi itVYrEcNR5bPDBVu1rzv5TiwoqNrDjBpuuTRvekpK5eugXRCHXhjlZ+XimafvKrj RwnD3zM+E+vPeDiEL0/dnY+sQ3zyadZxZO8NyFFtmOQEMj/ANeot/A== =065h -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announceat_private Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. ----- End forwarded message -----
This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 07:50:37 PST