Fiber
OS X 10.5.7 Update patch security Fix
http://support.apple.com/kb/HT3549
CVE-ID: CVE-2009-0154
Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution
Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC
Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution
Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution
Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Impact: Multiple vulnerabilities in enscript
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution
Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution
Impact: iChat AIM communications configured for SSL may downgrade to plaintext
Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting
Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service
Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program
Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution
Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program
Kernel
CVE-ID: CVE-2008-1517
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: A local user may obtain system privileges
Launch Services
CVE-ID: CVE-2009-0156
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch
Impact: A remote attacker may terminate the operation of the SNMP service
Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled
Network Time
CVE-ID: CVE-2009-0159
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution
Networking
CVE-ID: CVE-2008-3530
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: A remote user may be able to cause an unexpected system shutdown
Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification
Impact: Multiple vulnerabilities in PHP 5.2.6
QuickDraw Manager
CVE-ID: CVE-2009-0160
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
ruby
CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Multiple vulnerabilities in Ruby 1.8.6
Safari
CVE-ID: CVE-2009-0162
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution
Spotlight
CVE-ID: CVE-2009-0944
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
system_cmds
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: The "login" command always runs the default shell with normal priority
Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution
WebKit
CVE-ID: CVE-2009-0945
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
X11
CVE-ID: CVE-2008-2383
Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution
Impact: Multiple vulnerabilities in libpng version 1.2.26
Impact: Multiple vulnerabilities in FreeType v2.3.8
SAFARI 3.2.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution