Bugtraq mailing list archives
APPLE-SA-2013-02-04-1 OS X Server v2.2.1
From: Apple Product Security <product-security-noreply () lists apple com>
Date: Mon, 04 Feb 2013 14:45:21 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-02-04-1 OS X Server v2.2.1 OS X Server v2.2.1 is now available and addresses the following: Profile Manager Available for: OS X Mountain Lion v10.8 or later Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager. CVE-ID CVE-2013-0156 Wiki Server Available for: OS X Mountain Lion v10.8 or later Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server. CVE-ID CVE-2013-0156 Wiki Server Available for: OS X Mountain Lion v10.8 or later Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing. CVE-ID CVE-2013-0333 OS X Server v2.2.1 may be obtained from Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRDIF0AAoJEPefwLHPlZEwu+0QALAQjISSEnNzyaYURMyyBjDX B7xa8fR+no5kVcXWa6rOiVajTgMra2PN1SWolM45NMealeDmAooumuktXt/tEgp4 umobB5BHUt8PS8H0f19xoPNKMKsk4140yHsIlkyExKXfu5a4D35umPSPc8vuUZx+ nieClNL44GC4+8b14Tgkbhkg0MJwhTjcggU6pjlT6niqUqQH2jrPXdcr4MZ/ONtQ vvikiZA6rOPWNYs24b4HvOYMY/GSGorOaKshrQNivCh3awG70zXfQJCc7Igcxw82 mv34FRXgq6p3pAnigewQBkCGDeVn51COpd4umDzaUjkwZ9uyFuOtAzdJZ9hzVHd/ +q10PIjdH10P8nDj6Ykky/7LxjeAdFiX6GANR04qNVPzhVjVvLjEO/CKjXUQHpsm lf8z0/U3CieIKFLyOVbBpyWabVfo3N678suhoaxvZeBANNJgNzJg27uomVvW9gNl EzrZg081xBVl2ydYYRcewRBKW/Ectxz+U3OsTcedjuXIfIMihpXDm8SEilgSow3l w6TXsfaCriWmr+KQVXCQvUICyUUQcqxF7Tcos9It9RmjymtlUskw+T2hkmENIi2d 2Qg2I92gpVuOAnU0JZCWL8+oMXQGzm+qY5CWAx2iYKILUoGjUXweUI7khR6Mparr EoPnPQxbWOTl/z8O9WFf =0rrj -----END PGP SIGNATURE-----
Current thread:
- APPLE-SA-2013-02-04-1 OS X Server v2.2.1 Apple Product Security (Feb 05)