About the security content of OS X Server v2.2.2

This document describes the security content of OS X Server v2.2.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

OS X Server v2.2.2

• ClamAV

  Available for: OS X Mountain Lion v10.8 or later

  Impact: Multiple vulnerabilities in ClamAV

  Description: Multiple vulnerabilities existed in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.

  CVE-ID

  CVE-2013-2020

  CVE-2013-2021

• PostgreSQL

  Available for: OS X Mountain Lion v10.8 or later

  Impact: Multiple vulnerabilities in PostgreSQL

  Description: Multiple vulnerabilities existed in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.2.4

  CVE-ID

  CVE-2013-1899

  CVE-2013-1900

  CVE-2013-1901

• Wiki Server

  Available for: OS X Mountain Lion v10.8 or later

  Impact: Multiple vulnerabilities in Wiki Server

  Description: Multiple cross-site scripting issues existed in Wiki Server. These issues were addressed by improved encoding of HTML output.

  CVE-ID

  CVE-2013-1034 : David Hoyt of Hoyt LLC Research