About the security content of Security Update 2009-002/Mac OS X v10.5.7

This document describes the security content of Security Update 2009-002/Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To find out more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To find out more about other Security Updates, see "Apple Security Updates".

Security Update 2009-002/Mac OS X v10.5.7

  • Apache

    CVE-ID: CVE-2008-2939

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: visiting a malicious website via a proxy may result in cross-site scripting

    Description: an input validation issue exists in Apache’s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache website at http://httpd.apache.org/. Apache 2.0.x only comes with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x come with Apache 2.2.x.

  • Apache

    CVE-ID: CVE-2008-2939

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: visiting a malicious website via a proxy may result in cross-site scripting

    Description: an input validation issue exists in Apache 2.2.9’s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache website at http://httpd.apache.org/

  • Apache

    CVE-ID: CVE-2008-0456

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: websites that allow users to control the name of a served file may be vulnerable to HTTP response injection

    Description: a request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a website can substitute their own response for any web page hosted on the system. This update addresses the issue by escaping filenames in content negotiation responses.

  • ATS

    CVE-ID: CVE-2009-0154

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution

    Description: a heap buffer overflow exists in Apple Type Services’ handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • BIND

    CVE-ID: CVE-2009-0025

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC

    Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions (DNSSEC) protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. Further information is available via the ISC website at https://www.isc.org/

  • CFNetwork

    CVE-ID: CVE-2009-0144

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: applications that use CFNetwork may send secure cookies in unencrypted HTTP requests

    Description: an implementation issue exists in CFNetwork’s parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.

  • CFNetwork

    CVE-ID: CVE-2009-0157

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: visiting a malicious website may lead to an unexpected application termination or arbitrary code execution

    Description: a heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Moritz Jodeit of n.runs AG for reporting this issue.

  • CoreGraphics

    CVE-ID: CVE-2009-0145

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: multiple memory corruption issues exist in CoreGraphics’ handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.

  • CoreGraphics

    CVE-ID: CVE-2009-0155

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: an integer underflow in CoreGraphics’ handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan and Christian Kohlschutter of L3S Research Center for reporting this issue.

  • CoreGraphics

    CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution

    Description: multiple heap buffer overflows exist in CoreGraphics’ handling of PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.

  • Cscope

    CVE-ID: CVE-2009-0148

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution

    Description: a stack buffer overflow exists in Cscope’s handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

  • CUPS

    CVE-ID: CVE-2009-0164

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: visiting a maliciously crafted website may lead to unauthorised access of the Web Interface of CUPS

    Description: under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. Credit: Apple.

  • Disk Images

    CVE-ID: CVE-2009-0150

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution

    Description: a stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.

  • Disk Images

    CVE-ID: CVE-2009-0149

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution

    Description: multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

  • enscript

    CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in enscript

    Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the GNU website at http://www.gnu.org/software/enscript/

  • Flash Player plug-in

    CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in Adobe Flash Player plug-in

    Description: multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted website. The issues are addressed by updating the Flash Player plug-in on Mac OS X v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe website at http://www.adobe.com/support/security/bulletins/apsb09-01.html

  • Help Viewer

    CVE-ID: CVE-2009-0942

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: accessing a maliciously crafted “help:” URL may lead to arbitrary code execution

    Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious “help:” URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. Credit to Brian Mastenbrook for reporting this issue.

  • Help Viewer

    CVE-ID: CVE-2009-0943

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: accessing a maliciously crafted “help:” URL may lead to arbitrary code execution

    Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious “help:” URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of “help:” URLs. Credit to Brian Mastenbrook for reporting this issue.

  • iChat

    CVE-ID: CVE-2009-0152

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: iChat AIM communications configured for SSL may downgrade to plaintext

    Description: iChat supports Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behaviour of iChat to always attempt to use SSL, and to only use less secure channels if the “Require SSL” preference is not enabled. This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts. Credit to Chris Adams for reporting this issue.

  • International Components for Unicode

    CVE-ID: CVE-2009-0153

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: maliciously crafted content may bypass website filters and result in cross-site scripting

    Description: an implementation issue exists in ICU’s handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.

  • IPSec

    CVE-ID: CVE-2008-3651, CVE-2008-3652

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in the racoon daemon may lead to a denial of service

    Description: multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.

  • Kerberos

    CVE-ID: CVE-2009-0845

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program

    Description: a null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.

  • Kerberos

    CVE-ID: CVE-2009-0846, CVE-2009-0847

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution

    Description: multiple memory corruption issues exist in Kerberos’ handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/

  • Kerberos

    CVE-ID: CVE-2009-0844

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program

    Description: an out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.

  • Kernel

    CVE-ID: CVE-2008-1517

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: a local user may obtain system privileges

    Description: an unchecked index issue exists in the kernel’s handling of work queues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.

  • Launch Services

    CVE-ID: CVE-2009-0156

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch

    Description: an out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.

  • libxml

    CVE-ID: CVE-2008-3529

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: a heap buffer overflow exists in libxml’s handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

  • Net-SNMP

    CVE-ID: CVE-2008-4309

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: a remote attacker may terminate the operation of the SNMP service

    Description: an integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.

  • Network Time

    CVE-ID: CVE-2009-0021

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled

    Description: the ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by correctly checking the return value of the EVP_VerifyFinal function.

  • Network Time

    CVE-ID: CVE-2009-0159

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution

    Description: a stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

  • Networking

    CVE-ID: CVE-2008-3530

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: a remote user may be able to cause an unexpected system shutdown

    Description: when IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 “Packet Too Big” messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.

  • OpenSSL

    CVE-ID: CVE-2008-5077

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: a man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification

    Description: several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by correctly checking the return value of the EVP_VerifyFinal function.

  • PHP

    CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in PHP 5.2.6

    Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/

  • QuickDraw Manager

    CVE-ID: CVE-2009-0160

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: a memory corruption issue exists in QuickDraw’s handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.

  • QuickDraw Manager

    CVE-ID: CVE-2009-0010

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: an integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint’s Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • ruby

    CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in Ruby 1.8.6

    Description: multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby website at http://www.ruby-lang.org/en/security/

  • ruby

    CVE-ID: CVE-2009-0161

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: Ruby programs may accept revoked certificates

    Description: an incomplete error check exists in Ruby’s use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. This update addresses the issue through improved error checking while verifying OCSP responses.

  • Safari

    CVE-ID: CVE-2009-0162

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: accessing a maliciously crafted “feed:” URL may lead to arbitrary code execution

    Description: multiple input validation issues exist in Safari’s handling of “feed:” URLs. Accessing a maliciously crafted “feed:” URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of “feed:” URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR) and Alfredo Melloni for reporting these issues.

  • Spotlight

    CVE-ID: CVE-2009-0944

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

    Description: multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.

  • system_cmds

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: the “login” command always runs the default shell with normal priority

    Description: the “login” command starts an interactive shell after a local user has been authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.

  • telnet

    CVE-ID: CVE-2009-0158

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution

    Description: a stack buffer overflow exists in the telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

  • Terminal

    CVE-ID: CVE-2009-1717

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: using Terminal to connect to a remote system may lead to an unexpected application termination or arbitrary code execution

    Description: an integer overflow in the handling of Terminal window sizes may result in a heap buffer overflow. Using Terminal to connect to a remote system, for example by opening a “telnet:” URL, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by limiting Terminal window widths to 2048 characters. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rob King of TippingPoint DVLabs for reporting the issue.

  • WebKit

    CVE-ID: CVE-2009-0945

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: visiting a maliciously crafted website may lead to arbitrary code execution

    Description: a memory corruption issue exists in WebKit’s handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • X11

    CVE-ID: CVE-2006-0747, CVE-2007-2754

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: multiple vulnerabilities in FreeType v2.1.4

    Description: multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. Further information is available via the FreeType website at http://www.freetype.org/. The issues are already addressed in systems running Mac OS X v10.5.6.

  • X11

    CVE-ID: CVE-2008-2383

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution

    Description: the xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.

  • X11

    CVE-ID: CVE-2008-1382, CVE-2009-0040

    Available for: Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in libpng version 1.2.26

    Description: multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html. These issues do not affect systems prior to Mac OS X v10.5.

  • X11

    CVE-ID: CVE-2009-0946

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.6, Mac OS X Server v10.5 to v10.5.6

    Impact: multiple vulnerabilities in FreeType v2.3.8

    Description: multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.
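
The Network Time (CVE-2009-0021) and OpenSSL (CVE-2008-5077) entries above both describe an incorrectly checked EVP_VerifyFinal return value, and the BIND entry (CVE-2009-0025) describes the same class of mistake for DSA_do_verify. EVP_VerifyFinal is documented to return 1 for a valid signature, 0 for an invalid one and a negative value on other errors. The following is an added example, not code from Apple, OpenSSL, ntpd or BIND: `toy_verify_final`, the sample blobs and both caller functions are hypothetical stand-ins that reproduce only that return convention, showing a boolean-style check beside a strict one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return convention modelled on the documented EVP_VerifyFinal contract:
 *    1  signature verified
 *    0  signature did not verify
 *   <0  some other error (for example, a signature that cannot be decoded) */
enum { VERIFY_OK = 1, VERIFY_BAD = 0, VERIFY_ERROR = -1 };

/* Hypothetical stand-in verifier (assumption: not a real OpenSSL call).
 * A "signature" is one length byte followed by that many tag bytes.
 * A blob whose length byte disagrees with the buffer size is malformed
 * and produces VERIFY_ERROR rather than VERIFY_BAD. */
static int toy_verify_final(const unsigned char *sig, size_t sig_len,
                            const unsigned char *expected, size_t expected_len)
{
    if (sig == NULL || sig_len < 1 || (size_t)sig[0] != sig_len - 1)
        return VERIFY_ERROR;
    if ((size_t)sig[0] != expected_len ||
        memcmp(sig + 1, expected, expected_len) != 0)
        return VERIFY_BAD;
    return VERIFY_OK;
}

/* Flawed caller: treats the result as a boolean. Only 0 is rejected,
 * so the error value -1 falls through and is accepted. */
int accept_boolean_check(const unsigned char *sig, size_t sig_len,
                         const unsigned char *expected, size_t expected_len)
{
    if (!toy_verify_final(sig, sig_len, expected, expected_len))
        return 0;               /* reject */
    return 1;                   /* accept: also reached when rc == -1 */
}

/* Corrected caller: success is exactly 1; everything else is rejected. */
int accept_strict_check(const unsigned char *sig, size_t sig_len,
                        const unsigned char *expected, size_t expected_len)
{
    return toy_verify_final(sig, sig_len, expected, expected_len) == VERIFY_OK;
}

/* Constructed sample data for the demonstration. */
static const unsigned char expected_tag[]  = { 0xA1, 0xB2, 0xC3, 0xD4 };
static const unsigned char good_sig[]      = { 4, 0xA1, 0xB2, 0xC3, 0xD4 };
static const unsigned char wrong_sig[]     = { 4, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char malformed_sig[] = { 9, 0xFF }; /* length byte lies */

int main(void)
{
    const struct { const char *name; const unsigned char *sig; size_t len; } cases[] = {
        { "valid",     good_sig,      sizeof good_sig },
        { "wrong",     wrong_sig,     sizeof wrong_sig },
        { "malformed", malformed_sig, sizeof malformed_sig },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-9s boolean-check=%d strict-check=%d\n", cases[i].name,
               accept_boolean_check(cases[i].sig, cases[i].len,
                                    expected_tag, sizeof expected_tag),
               accept_strict_check(cases[i].sig, cases[i].len,
                                   expected_tag, sizeof expected_tag));
    }
    return 0;
}
```

When auditing callers of verification functions with this tri-state convention, the pattern to look for is any test other than an explicit comparison with 1.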
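
The CUPS entry above (CVE-2009-0164) says the DNS rebinding issue was addressed by additional validation of the Host header. In a rebinding scenario the browser still sends the name of the page it loaded in the Host header, so a service that accepts only the names it is actually known by can refuse such requests. The following is an added example of that kind of check, not CUPS source code: the function names, the allow-list and the sample host names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Accept an empty suffix or ":" followed by 1 to 5 decimal digits. */
static int valid_port_suffix(const char *s)
{
    size_t digits = 0;

    if (*s == '\0')
        return 1;
    if (*s != ':')
        return 0;
    for (s++; *s != '\0'; s++) {
        if (!isdigit((unsigned char)*s) || ++digits > 5)
            return 0;
    }
    return digits > 0;
}

/* Return 1 if the Host header value names one of the allowed hosts,
 * 0 otherwise. Handles an optional port, bracketed IPv6 literals,
 * case-insensitive names and a single trailing dot. Anything that does
 * not parse cleanly is rejected. */
int host_header_allowed(const char *value,
                        const char *const *allowed, size_t n_allowed)
{
    size_t host_len;

    if (value == NULL || *value == '\0')
        return 0;

    if (value[0] == '[') {                       /* IPv6 literal: [addr]:port */
        const char *close = strchr(value, ']');
        if (close == NULL || !valid_port_suffix(close + 1))
            return 0;
        host_len = (size_t)(close - value) + 1;  /* keep the brackets */
    } else {                                     /* name or IPv4: host:port */
        const char *colon = strchr(value, ':');
        if (colon != NULL && !valid_port_suffix(colon))
            return 0;
        host_len = colon ? (size_t)(colon - value) : strlen(value);
    }

    if (host_len > 1 && value[host_len - 1] == '.')
        host_len--;                              /* "name." equals "name" */
    if (host_len == 0)
        return 0;

    /* Exact, whole-name match only: a prefix such as
     * "localhost.<other domain>" must not pass. */
    for (size_t i = 0; i < n_allowed; i++) {
        if (strlen(allowed[i]) == host_len &&
            strncasecmp(value, allowed[i], host_len) == 0)
            return 1;
    }
    return 0;
}

/* Constructed allow-list: loopback names plus one configured server name. */
static const char *const sample_allowed[] = {
    "localhost", "127.0.0.1", "[::1]", "printserver.example.test"
};
#define SAMPLE_ALLOWED_COUNT (sizeof sample_allowed / sizeof sample_allowed[0])

int main(void)
{
    /* Constructed Host header values. */
    const char *const samples[] = {
        "localhost:631", "[::1]:631", "printserver.example.test.",
        "rebind.example.test:631", "localhost.rebind.example.test",
        "localhost:631x"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i],
               host_header_allowed(samples[i], sample_allowed,
                                   SAMPLE_ALLOWED_COUNT) ? "allow" : "reject");
    return 0;
}
```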

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple only provides this as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
