30-03-2010, 16:25   #16
_StarGate_
Banned

Joined: Mar 2010
Posts: 15
It's Unix...

Quote:
Originally posted by simon71
The only maintenance that has been practised on Macs since time immemorial after software installations/updates....
Utilities folder/Disk Utility/Verify and Repair Permissions....

OS X is a Unix system, don't forget it...
It's Unix.. it's a "guarantee" for security too
Vulnerabilities patched with the update to OS X 10.6.3

Only 720MB of patches.

http://support.apple.com/kb/HT4077


AppKit
CVE-ID: CVE-2010-0056
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution



Application Firewall
CVE-ID: CVE-2009-2801
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Certain rules in the Application Firewall may become inactive after restart


AFP Server
CVE-ID: CVE-2010-0057
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: When guest access is disabled, a remote user may be able to mount AFP shares as a guest


AFP Server
CVE-ID: CVE-2010-0533
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote user with guest access to an AFP share may access the contents of world-readable files outside the Public share


Apache
CVE-ID: CVE-2009-3095
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to bypass access control restrictions


ClamAV
CVE-ID: CVE-2010-0058
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: ClamAV virus definitions may not receive updates


CoreAudio
CVE-ID: CVE-2010-0059
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution


CoreAudio
CVE-ID: CVE-2010-0060
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution


CoreMedia
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


CoreTypes
CVE-ID: CVE-2010-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Users are not warned before opening certain potentially unsafe content types


CUPS
CVE-ID: CVE-2010-0393
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may be able to obtain system privileges


curl
CVE-ID: CVE-2009-2417
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A man-in-the-middle attacker may be able to impersonate a trusted server


curl
CVE-ID: CVE-2009-0037
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Using curl with -L may allow a remote attacker to read or write local files


Cyrus IMAP
CVE-ID: CVE-2009-2632
Available for: Mac OS X Server v10.5.8
Impact: A local user may be able to obtain the privileges of the Cyrus user


Cyrus SASL
CVE-ID: CVE-2009-0688
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: An unauthenticated remote attacker may cause unexpected application termination or arbitrary code execution


DesktopServices
CVE-ID: CVE-2010-0064
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Items copied in the Finder may be assigned an unexpected file owner


DesktopServices
CVE-ID: CVE-2010-0537
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may gain access to user data via a multi-stage attack


Disk Images
CVE-ID: CVE-2010-0065
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution


Disk Images
CVE-ID: CVE-2010-0497
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to arbitrary code execution


Directory Services
CVE-ID: CVE-2010-0498
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may obtain system privileges


Dovecot
CVE-ID: CVE-2010-0535
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to send and receive mail even if the user is not on the SACL of users who are permitted to do so


Event Monitor
CVE-ID: CVE-2010-0500
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may cause arbitrary systems to be added to the firewall blacklist


FreeRADIUS
CVE-ID: CVE-2010-0524
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may obtain access to a network via RADIUS authentication


FTP Server
CVE-ID: CVE-2010-0501
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Users may be able to retrieve files outside the FTP root directory


iChat Server
CVE-ID: CVE-2006-1329
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service


iChat Server
CVE-ID: CVE-2010-0502
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Chat messages may not be logged


iChat Server
CVE-ID: CVE-2010-0503
Available for: Mac OS X Server v10.5.8
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution


iChat Server
CVE-ID: CVE-2010-0504
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution


ImageIO
CVE-ID: CVE-2010-0505
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution


ImageIO
CVE-ID: CVE-2010-0041
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website


ImageIO
CVE-ID: CVE-2010-0042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website


ImageIO
CVE-ID: CVE-2010-0043
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution




Image RAW
CVE-ID: CVE-2010-0506
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution


Image RAW
CVE-ID: CVE-2010-0507
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution


Libsystem
CVE-ID: CVE-2009-0689
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Applications that convert untrusted data between binary floating point and text may be vulnerable to an unexpected application termination or arbitrary code execution


Mail
CVE-ID: CVE-2010-0508
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Rules associated with a deleted mail account remain in effect


Mail
CVE-ID: CVE-2010-0525
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mail may use a weaker encryption key for outgoing email


Mailman
CVE-ID: CVE-2008-0564
Available for: Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Mailman 2.1.9


MySQL
CVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030
Available for: Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in MySQL 5.0.82


OS Services
CVE-ID: CVE-2010-0509
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may be able to obtain elevated privileges


Password Server
CVE-ID: CVE-2010-0510
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to log in with an outdated password


perl
CVE-ID: CVE-2008-5302, CVE-2008-5303
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A local user may cause arbitrary files to be deleted


PHP
CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in PHP 5.3.0


PHP
CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142, CVE-2009-4143
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in PHP 5.2.11


Podcast Producer
CVE-ID: CVE-2010-0511
Available for: Mac OS X Server v10.6 through v10.6.2
Impact: An unauthorized user may be able to access a Podcast Composer workflow


Preferences
CVE-ID: CVE-2010-0512
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A network user may be able to bypass system login restrictions


PS Normalizer
CVE-ID: CVE-2010-0513
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0514
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution




QuickTime
CVE-ID: CVE-2010-0515
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0516
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0517
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0518
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0519
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0520
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution


QuickTime
CVE-ID: CVE-2010-0526
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution


Ruby
CVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple issues in Ruby on Rails


Ruby
CVE-ID: CVE-2009-1904
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination


Server Admin
CVE-ID: CVE-2010-0521
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may extract information from Open Directory




Server Admin
CVE-ID: CVE-2010-0522
Available for: Mac OS X Server v10.5.8
Impact: A former administrator may have unauthorized access to screen sharing




SMB
CVE-ID: CVE-2009-2906
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service


Tomcat
CVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515, CVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in Tomcat 6.0.18




unzip
CVE-ID: CVE-2008-0888
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or code execution




vim
CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in vim 7.0




Wiki Server
CVE-ID: CVE-2010-0523
Available for: Mac OS X Server v10.5.8
Impact: Uploading a maliciously crafted applet may lead to the disclosure of sensitive information


Wiki Server
CVE-ID: CVE-2010-0534
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may bypass weblog creation restrictions


X11
CVE-ID: CVE-2009-2042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2




X11
CVE-ID: CVE-2003-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution


xar
CVE-ID: CVE-2010-0055
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A modified package may appear as validly signed