BugTraq
APPLE-SA-2011-09-09-1 Security Update 2011-005 Sep 09 2011 05:14PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-09-09-1 Security Update 2011-005

Security Update 2011-005 is now available and addresses the
following:

Certificate Trust Policy
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.1, OS X Lion Server v10.7.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple
certificate authorities operated by DigiNotar. This issue is
addressed by removing DigiNotar from the list of trusted root
certificates, from the list of Extended Validation (EV) certificate
authorities, and by configuring default system trust settings so that
DigiNotar's certificates, including those issued by other
authorities, are not trusted.

For Mac OS X v10.6.8 and Mac OS X Server v10.6.8
The download file is named: SecUpd2011-005Snow.dmg
Its SHA-1 digest is: 065f5f9a9263a2cd164ea61d1d59c63b1362df0b

For OS X Lion v10.7.1 and OS X Lion Server v10.7.1
The download file is named: SecUpd2011-005Lion.dmg
Its SHA-1 digest is: a2971772c45f53dc251cdcd1dfa21a651c54f03f

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJOaiLBAAoJEGnF2JsdZQeeglEH/2aD3I9Tka87Fr1YISyZaGwx
iea8gIJ11uvJuZwXzlDLGKjSkh0qhkt0S/Q84YOjGWGvz+kuT3FhL9Rl6KJth0uW
eXShWd6iyQb4f5KHovMgwhRy+5fuk85b2Q7Y4ulwhflcfn4g5pOlRevgfN48C5fx
7W3p3dn8YgfON79rn4Kx4G/3ZaybIo34q1JmdOVfQD1F5UpZ7PDfUUtCu9CRa36U
AYbnNwVcgvCkqAG9vvIMrzd/pG9geljdclW4H8ujVbXKxFa53RB4N1/3fCIEtzmi
WxwucarVfvCvf6Vpvob6rZZx8xf+Nn4hJ8xl0F/SlcnBIzpBFHbspDODRCd/GVM=
=Qz73
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus