P-276: Apple Security Update 2005-007

CIAC INFORMATION BULLETIN

P-276: Apple Security Update 2005-007

August 16, 2005 20:00 GMT
[REVISED 18 Aug 2005]

PROBLEM: Apple released a security update that provides fixes for several security issues.
PLATFORM: Mac OS X v10.3.9
Mac OS X Server v10.3.9
Mac OS X v10.4.2
Mac OS X Server v10.4.2
DAMAGE: Various security issues were addressed. These issues have several impacts, including denial of service, local privilege escalation, buffer overflow, execution of arbitrary code, and remote system compromise.
SOLUTION: Apply the security updates.

VULNERABILITY ASSESSMENT: The risk is HIGH for systems running Mac OS X Server and MEDIUM otherwise. Some servers are vulnerable to remote system compromise. On non-server systems, a user might open a malicious file that could lead to arbitrary code execution.

LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-276.shtml
  ORIGINAL BULLETIN: http://docs.info.apple.com/article.html?artnum=302163
  CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, CAN-2004-1084, CAN-2005-2501, CAN-2005-2502, CAN-2005-2503, CAN-2005-2504, CAN-2005-2505, CAN-2005-2506, CAN-2005-2525, CAN-2005-2526, CAN-2005-2507, CAN-2005-2519, CAN-2005-2513, CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, CAN-2005-2511, CAN-2005-2509, CAN-2005-2512, CAN-2005-0709, CAN-2005-0710, CAN-2005-0711, CAN-2004-0079, CAN-2004-0112, CAN-2005-2514, CAN-2005-2515, CAN-2005-2516, CAN-2005-2517, CAN-2005-2520, CAN-2005-2518, CAN-2005-2510, CAN-2005-1769, CAN-2005-2095, CAN-2005-2521, CAN-2005-2522, CAN-2005-2523, CAN-2005-0605, CAN-2005-2096, CAN-2005-1849

REVISION HISTORY:
   
   08/18/2005 - Security Update 2005-007 v1.1 replaces Security Update 2005-007 v1.0 for Tiger systems Mac OS X v10.4.2. v1.1 also provides a combined 32 and 64 bit version of LibSystem.
Visit Apple's Website directly for their published information: http://docs.info.apple.com/article.html?artnum=302163

CIAC wishes to acknowledge the contributions of Apple for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/