P-049: Apple Security Update 2004-12-02

CIAC INFORMATION BULLETIN

P-049: Apple Security Update 2004-12-02

December 3, 2004 22:00 GMT
[REVISED 12 Apr 2005]
[REVISED 15 Aug 2006]

PROBLEM: Apple has released fixes for multiple vulnerabilities. Among them are issues with:
- replay problem in mod_digest_apple
- mod_ssl vulnerabilities
- default Apache configurations
- Apple HFS+ filesystem permits multiple data streams
- Modified Apache 2 configurations
- Appkit flaws
- Cyrus IMAP
- HIToolbox
- Kerberos authentication
- Postfix authentication
- PSNormalizer
- QuickTime Streaming Server
- Safari
- Terminal.app
PLATFORM:
- Mac OS X v10.2.x and v10.3.x
- Mac OS X Servers v10.2.x and v10.3.x
- Red Hat Desktop (v. 3)
- Red Hat Enterprise Linux AS, ES, WS (v. 2.1 & v. 3)
- Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
DAMAGE: Varies widely due to the number of fixes in this security update.
SOLUTION: View Apple's suggestions for each vulnerability and apply the appropriate security update.

VULNERABILITY ASSESSMENT: The risk is LOW. These lean more towards being "bug" fixes for Apache as well as other system components.

LINKS:
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-049.shtml
  ORIGINAL BULLETIN: (Security Update 2004-12-02)
    http://docs.info.apple.com/article.html?artnum=61798
  ADDITIONAL LINKS:
    Red Hat RHSA-2005:021-09
    https://rhn.redhat.com/errata/RHSA-2005-021.html
    Sun Alert ID: 102197
    http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1&searchclause=%22category:security%22%2420%22availability,%2420security%22%2420category:security
  CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
    CAN-2003-0020 CAN-2003-0987 CAN-2004-0174 CAN-2004-0488
    CAN-2004-0492 CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
    CAN-2004-0747 CAN-2004-0748 CAN-2004-0751 CAN-2004-0772
    CAN-2004-0786 CAN-2004-0803 CAN-2004-0804 CAN-2004-0885
    CAN-2004-0886 CAN-2004-0940 CAN-2004-1081 CAN-2004-1082
    CAN-2004-1083 CAN-2004-1084 CAN-2004-1085 CAN-2004-1086
    CAN-2004-1087 CAN-2004-1088 CAN-2004-1089 CAN-2004-1121
    CAN-2004-1122 CAN-2004-1123

REVISION HISTORY:
04/12/2005 - revised to add a link to Red Hat RHSA-2005:021-09.
08/15/2006 - Sun Alert ID: 102197 updated its Contributing Factors and Resolution sections and changed its "State" to resolved.

Visit Apple's website directly for their published information on their Security Update 2004-12-02: http://docs.info.apple.com/article.html?artnum=61798

CIAC wishes to acknowledge the contributions of Apple for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/