[Mac_crypto] Security Update 2002-11-21 is available

R. A. Hettinga mac_crypto@vmeng.com
Fri, 22 Nov 2002 21:17:28 -0500


--- begin forwarded text


Status: RO
To: rahettinga@earthlink.net
From: Product Security <product-security@apple.com>
Date: Fri, 22 Nov 2002 14:58:30 -0800
Sender: security-announce-admin@lists.apple.com
Subject: Security Update 2002-11-21 is available

-----BEGIN PGP SIGNED MESSAGE-----

Security Update 2002-11-21 is now available.  It contains BIND version
8.3.4 to address multiple potential vulnerabilities.

CVE IDs:  CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, CAN-2002-0029

Description:  Several of these vulnerabilities may allow remote
attackers to execute arbitrary code with elevated privileges. The other
vulnerabilities could allow remote attackers to disrupt the normal
operation of DNS name service running on servers.

Further information is available at:
    http://www.cert.org/advisories/CA-2002-31.html
    http://www.kb.cert.org/vuls/id/457875

Affected systems:  Systems that have enabled BIND and are using
    BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3.

Mitigating Factors:  BIND is not enabled by default on Mac OS X or
Mac OS X Server

System requirements:  Mac OS X 10.2.2

If BIND is enabled on Mac OS X systems prior to 10.2.2, the
recommendation is to either upgrade to Mac OS X 10.2 Jaguar then apply
this Security Update, or to update BIND to version 8.3.4 from the ISC
site at:
http://www.isc.org/products/BIND/bind8.html

Security Update 2002-11-21 may be obtained from:

   * Software Update pane in System Preferences (for 10.2.2 or later)

   * Apple's Software Downloads web site:
      http://www.info.apple.com/kbnum/n120169

    To help verify the integrity of Security Update 2002-11-21 from the
    Software Downloads web site, the download file is titled:
      SecurityUpd2002-11-21.dmg
      Its SHA-1 digest is:  9137fc5c1b8922475939ec93ab638494ff6e69be

Information will also be posted to the Apple Support website:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

-----END PGP SIGNATURE-----

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'