-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

         National Cyber Alert System

   Technical Cyber Security Alert TA08-043B


Apple Updates for Multiple Vulnerabilities

   Original release date: February 12, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1
     * Apple Mac OS X Server versions prior to and including 10.4.11 and
       10.5.1

   These vulnerabilities affect both Intel and PowerPC platforms


Overview

   Apple has released Security Update 2008-001 and OS X version 10.5.2 to
   correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
   Server.  Attackers could exploit these vulnerabilities to execute
   arbitrary code, gain access to sensitive information, or cause a
   denial of service.


I. Description

   Apple Security Update 2008-001 and Apple Mac OS X version 10.5.2
   address a number of vulnerabilities affecting Apple Mac OS X and OS X
   Server versions prior to and including 10.4.11 and 10.5.1. Further
   details are available in the US-CERT Vulnerability Notes Database.

   The update also addresses vulnerabilities in other vendors' products
   that ship with Apple OS X or OS X Server. These products include Samba
   and X11.


II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include arbitrary code execution, sensitive information disclosure,
   and denial of service.


III. Solution

Install updates from Apple

   Install Apple Security Update 2008-001 or Apple Mac OS X version
   10.5.2.  These and other updates are available via Software Update or
   via Apple Downloads.


IV. References

     * US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
       <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001>

     * About the security content of Mac OS X 10.5.2 and Security Update2008-001 - 
       <http://docs.info.apple.com/article.html?artnum=307430>

     * About the Mac OS X 10.5.2 Update -
       <http://docs.info.apple.com/article.html?artnum=307109>

     * Mac OS X: Updating your software -
       <http://docs.info.apple.com/article.html?artnum=106704>

     * Apple - Support - Downloads -
       <http://www.apple.com/support/downloads/>

     * X.org Foundataion Security Advisories -
       <http://www.x.org/wiki/Development/Security>

     * Samba Security Releases -
       <http://www.samba.org/samba/history/security.html>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-043B.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2008 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   February 12, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg
jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp
/1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO
PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet
r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9
SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug==
=qwP5
-----END PGP SIGNATURE-----