About the security content of OS X Server v5.0.3

Learn about the security content of OS X Server v5.0.3.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

OS X Server v5.0.3

  • apache

    Available for: OS X Yosemite v10.10.5 or later

    Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service

    Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16.

    CVE-ID

    CVE-2013-5704

    CVE-2014-3581

    CVE-2014-3583

    CVE-2014-8109

    CVE-2015-0228

    CVE-2015-0253

    CVE-2015-3183

    CVE-2015-3185

  • BIND

    Available for: OS X Yosemite v10.10.5 or later

    Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service

    Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7.

    CVE-ID

    CVE-2014-8500

    CVE-2015-1349

  • PostgreSQL

    Available for: OS X Yosemite v10.10.5 or later

    Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution

    Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9.

    CVE-ID

    CVE-2014-0067

    CVE-2014-8161

    CVE-2015-0241

    CVE-2015-0242

    CVE-2015-0243

    CVE-2015-0244

    CVE-2015-3165

    CVE-2015-3166

    CVE-2015-3167

  • Wiki Server

    Available for: OS X Yosemite v10.10.5 or later

    Impact: Multiple XML security issues in Wiki Server

    Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted.

    CVE-ID

    CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: