Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL Mar 25 2003 01:39AM
Bryan Blackburn (blb pobox com)
----- Forwarded message from Product Security <product-security (at) apple (dot) com [email concealed]> -----

Date: Mon, 24 Mar 2003 14:44:36 -0800
Subject: APPLE-SA-2003-03-24 Samba, OpenSSL
From: Product Security <product-security (at) apple (dot) com [email concealed]>
To: <security-announce (at) lists.apple (dot) com [email concealed]>
Message-ID: <BAA4CA53.A2%product-security (at) apple (dot) com [email concealed]>

Hash: SHA1

APPLE-SA-2003-03-24 Samba, OpenSSL

Security Update 2003-03-24 is now available. It contains fixes for
recent vulnerabilities in:

* OpenSSL: Fixes CAN-2003-0147, a timing attack on RSA keys.

* Samba: Fixes CAN-2003-0085 and CAN-2003-0086 which could allow
unauthorized remote access to the host system. The built-in Windows
file sharing in Mac OS X is based on Samba. Windows file sharing is
off by default in Mac OS X, but it is recommended that all users
install this Security Update.

Note: This update only applies the security fixes to the
currently-shipping 2.2.3 version of Samba on Mac OS X 10.2.4, and the
Samba version is otherwise unchanged. The presence of the following
file indicates that the update has been applied:

Affected systems: Mac OS X 10.2.4 and earlier
Mac OS X Server 10.2.4 and earlier

System requirements: Mac OS X 10.2.4 or Mac OS X Server 10.2.4

Customers with earlier Mac OS X versions are encouraged to either
upgrade to Mac OS X 10.2.4, or visit the Samba and OpenSSL web sites
for information on the available fixes.

Security Update 2003-03-24 may be obtained from:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

To help verify the integrity of Security Update 2003-03-24 from the
Software Downloads web site:

The download file is titled: SecurityUpd2003-03-24.dmg
Its SHA-1 digest is: 0a80081453bca85493fcbaccd6adad222b41809e

Information will also be posted to the Apple Product Security web site:

This message is signed with Apple's Product Security PGP key, and
details are available at:

Version: PGP 8.0

security-announce mailing list | security-announce (at) lists.apple (dot) com [email concealed]
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.

----- End forwarded message -----

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus