BugTraq
APPLE-SA-2014-10-16-4 OS X Server v3.2.2 Oct 17 2014 12:09AM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

OS X Server v3.2.2 is now available and addresses the following:

Server
Available for: OS X Mavericks v10.9.5 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team

OS X Server v3.2.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUQCJGAAoJEBcWfLTuOo7tyI0P/imLx5IYlrtwP9X6sCUaRNfa
cjjI5T5ooRX1g83wc3sBGJnUaY5TYEpL8+aVdW0hL/Q8l+DCbvbTHDK1hcxNoPX7
NsXgLFjKd56/mupWbx5beAjOA8Xey6F4tubYFNSppUEk0X9DKyVVmHNxPUnf/mTG
F0opjTmLX9hJVsVvGGncBd24HxnkZJXvjd5Dfi+r/CBv1tFaL3ermZlnrba1cCaP
mtZ06TAONykDYXN3GypSHZKedUIsMyQuuz+GDR2CC8Gw3P4sbbCfNkR2HNGFXPSt
EG58UIdNqbbfDoTg3gR/u8e7XUrqQzSP/fq2lG1qraFpirodb67UKueVvOS1pqZQ
HXJzLV5zSOx1GRLRp2hxQ7htILQGPE6alBnuqTKpe3cDxJ4h5HbZBdDIQNlLK2/y
YxcCwt9AdmHr2BP2AmAE6X3jxTVbfCWxT+1ddTj+FX29DYRYSJHE4XTXAus6m4NI
0uIVGv3OnmLA4r+7IGECQlMmPec0hkkWJV3otwIT83In1WMNlz85Q4Ypjo4jYfWW
lEvnN15Pn8opiyHY62vPCufuroPklK1K6pIMIyFFJBGA2GVk1jqF9gNgIYqYwhMC
meaHWPu1wD82eRUBmTVHiNfKtqLx8MALBfp8uaklrfpnafrqxxuhS4ZjCEA0YU14
NqlhvAS6z144pQkwp1dt
=UMhr
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUQF5EAAoJEBcWfLTuOo7tt4EP/j0ToviYYGO4F6P/bg4TEmLe
e9QfolGYJENbIHeciXrM+ZgdgkgcazOA4yhjyS6zox6RUIVn4QACqqdMJ5P2Zluh
CBdym3JzWHirLQGV+4fJ4n62/i7ID3QNGSgz0wE8WnfEtOg4C73wKM5EYZswEVfL
0ZGZspZKgMjRKSigWMc7GXPeo7dfA94wdTKnR7BYkCcHxyDon1Av3Ra4NNR7FMQ7
H6BLj/jlxHacI6UHcUDOQU+t5ExnFH3GtqLtu2g+7eyg05mqSEowmwcF6/MsWF/r
WeMy9G4q5orbgORJpey3RTiRWpktKmjufGXAx/mx4/ONt1qVr7nWU5Z3BfAB2sBw
nzwGf2sJ5Ql406GV0tzEczymRFww2Xm774OeyPif5gkjiJgoY9DCEPbjWwGvewDQ
DKUMconnDqMuw7+lBEQCWr7LudAABtjfjvpOll30kppkV3qL/6w376vPfcupEhH5
ByjWkjIp4mZByKqpAwILTd/RlDWLPs65aFtA7npvjCuas74aW3tprd0bHMP+RbS7
71+lEhckzS9nuf/oiaI2953zawvFP2T6vDO2+33bAaPWRj6PN0ovsxTvLNvQH25G
2+023Ovj/vqDLGm+MlmEWoCzMEwI8gTRMTPfVKWk61Sl5vjFvoOVDjnbu2W3/Qxf
O19J+2oKUAAjJS6f5wRs
=R91X
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus