Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL

From: Bryan Blackburn (blb@pobox.com)
Date: 03/25/03

  • Next message: caf@guarana.org: "Re: Buffer overflows in ircII-based clients"
    Date: Mon, 24 Mar 2003 18:39:31 -0700
    From: Bryan Blackburn <blb@pobox.com>
    To: bugtraq@securityfocus.com

    ----- Forwarded message from Product Security <product-security@apple.com> -----

    Date: Mon, 24 Mar 2003 14:44:36 -0800
    Subject: APPLE-SA-2003-03-24 Samba, OpenSSL
    From: Product Security <product-security@apple.com>
    To: <security-announce@lists.apple.com>
    Message-ID: <BAA4CA53.A2%product-security@apple.com>

    Hash: SHA1

    APPLE-SA-2003-03-24 Samba, OpenSSL

    Security Update 2003-03-24 is now available. It contains fixes for
    recent vulnerabilities in:

       * OpenSSL: Fixes CAN-2003-0147, a timing attack on RSA keys.

       * Samba: Fixes CAN-2003-0085 and CAN-2003-0086 which could allow
    unauthorized remote access to the host system. The built-in Windows
    file sharing in Mac OS X is based on Samba. Windows file sharing is
    off by default in Mac OS X, but it is recommended that all users
    install this Security Update.

    Note: This update only applies the security fixes to the
    currently-shipping 2.2.3 version of Samba on Mac OS X 10.2.4, and the
    Samba version is otherwise unchanged. The presence of the following
    file indicates that the update has been applied:

    Affected systems: Mac OS X 10.2.4 and earlier
                       Mac OS X Server 10.2.4 and earlier

    System requirements: Mac OS X 10.2.4 or Mac OS X Server 10.2.4

    Customers with earlier Mac OS X versions are encouraged to either
    upgrade to Mac OS X 10.2.4, or visit the Samba and OpenSSL web sites
    for information on the available fixes.

    Security Update 2003-03-24 may be obtained from:

      * Software Update pane in System Preferences

      * Apple's Software Downloads web site:

    To help verify the integrity of Security Update 2003-03-24 from the
    Software Downloads web site:

       The download file is titled: SecurityUpd2003-03-24.dmg
       Its SHA-1 digest is: 0a80081453bca85493fcbaccd6adad222b41809e

    Information will also be posted to the Apple Product Security web site:

    This message is signed with Apple's Product Security PGP key, and
    details are available at:

    Version: PGP 8.0

    -----END PGP SIGNATURE-----
    security-announce mailing list | security-announce@lists.apple.com
    Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
    Do not post admin requests to the list. They will be ignored.

    ----- End forwarded message -----

  • Next message: caf@guarana.org: "Re: Buffer overflows in ircII-based clients"

    Relevant Pages

    • [product-security@apple.com: APPLE-SA-2004-05-03 Security Update 2004-05-03]
      ... Security Update 2004-05-03 is now available and contains security ... Fixes CAN-2004-0429 to improve the handling of large requests ... IPSec in Mac OS X is not vulnerable to ...
    • Re: Mountail Lion Upgrade - not compatible :-(
      ... Security Update 2012-004 is only available for Snow Leopard. ... Lion and Mountain Lion security updates were part of the 10.7.5 and ... That's exactly how security updates for Mac OS X have always worked, ... Still only fixes the Java bug in 10.6.8 non server, ...
    • TidBITS#798/26-Sep-05
      ... Do you have piles of old Mac stuff you don't use? ... Smasher to access old font suitcases. ... its .Mac service and releases Security Update 2005-008, ...
    • Re: I want to be convinced; convince me.
      ... Mac, but I'm having trouble convincing myself to do it. ... Windows 2000 has been very stable for me for many years, ... But, like I said, I haven't used 10.4 with Samba yet. ... Or is it an post-installation manual install? ...
    • Re: Condivisione..
      ... Vorrei sapere se vi sia modo di accedere alle cartelle di un mac da ... senza installare un server samba sul mac... ... cmq non samba serve. ... Sul sito apple c'e scritto piu o meno di fare come si dice nella ...