Apple Security Advisory 2014-09-17-6 - OS X Server 2.2.3 is now available and addresses an arbitrary SQL query execution vulnerability.
a9934bf17a18ac0288c3bd42cf64254dacedd0f050986f96151544d2c3334fdb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-6 OS X Server 2.2.3
OS X Server 2.2.3 is now available and addresses the following:
CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of
Ferdowsi University of Mashhad
OS X Server 2.2.3 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkbuAAoJEBcWfLTuOo7tYVMQAKaz8CbU1iJrm+5fvLPnXrBF
eWp0tYCDPcoj1tUJ79+XJplJHsZ2Ezb0bQ8gvNSRLgT32Dw4gtRPmZ9c+/UHMUV6
rbSeF73x4IC6yF56ghbKjTkFJguniaS/k6KWCYhqU2Ew/qya2nJdj/RGS5AICQb3
HVg50yW+jRb5geLOL/+Sd7R+zjg3OZb+Z7h+/ynCI53tGgVB9LzslrI+thNAA2Fz
mAsHtF1Fx6l9F+lbCygJj6sNoBxDJPadBlPPjR7E1C06cCoxlARdz2K74qFONt6+
/zSbWofuszvN23HmY9+JYmIQ7x0wi9Ff7W18Ai5nN2/GCLzOM/lJKHKY2tTG781h
R9g1bX1Q0mB9e+RYqmgwSvdtijFXjtOqNza8X9fBHP5bzArucMaFrhUqCEeSqSfs
6hijGHJzK/buNdIzP2wBceA/EXRAfqUZi8r4FTGLQMqZvath3nhrEP+T2LezBCwS
7foYeCo1AXp6oQDgKA0QUflFZg6eZlLFPngvFQn/7ko+I/K1+RzZwbiwS+61pNva
AaoSTeuzeYKuWIFQU80I+mZ1bwqr60Ns9Q3AtIJlKlu/3+l+G3eOW397SqtqbPdh
jRAsmOpcA6w5afjT1yIlcGis/k3H7VAvuVNu6ZZ6JGdXD+q1O4K9GQA2vqxgBLO8
w5/NX6or7DEXSvpwiLND
=s9TT
-----END PGP SIGNATURE-----