Mac OS X アップデート 10.5.6がソフトウェアアップデート経由で出ています。
Mac OS X アップデート 10.5.6 190 MB以下、Apple Product Securityからのメールを長いので項目のみ引用。
10.5.6 アップデートは、Mac OS X Leopard を使用しているすべてのユーザにお勧めします。お使いの Mac の安定性、互換性、およびセキュリティを向上させるオペレーティングシステムの全般的な修正が含まれています。
このアップデートについて詳しくは、次の Web サイトを参照してください:http://support.apple.com/kb/HT3194?viewlocale=ja_JP
セキュリティアップデートについて詳しくは、次の Web サイトを参照してください:http://support.apple.com/kb/HT1222?viewlocale=ja_JP
APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6
Security Update 2008-008 / Mac OS X v10.5.6 is now available and addresses the following issues:
ATS
CVE-ID: CVE-2008-4236
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service
BOM
CVE-ID: CVE-2008-4217
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination
CoreGraphics
CVE-ID: CVE-2008-3623
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
CoreServices
CVE-ID: CVE-2008-3170
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Visiting a maliciously crafted website may lead to the disclosure of user credentials
CoreTypes
CVE-ID: CVE-2008-4234
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Attempting to launch unsafe downloaded content may not lead to a warning
Flash Player Plug-in
CVE-ID: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
Kernel
CVE-ID: CVE-2008-4218
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A local user may obtain system privileges
Kernel
CVE-ID: CVE-2008-4219
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Running an executable that links dynamic libraries on an NFS share may lead to an unexpected system shutdown
Libsystem
CVE-ID: CVE-2008-4220
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the inet_net_pton API may be vulnerable to arbitrary code execution or an unexpected application termination
Libsystem
CVE-ID: CVE-2008-4221
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strptime API may be vulnerable to arbitrary code execution or unexpected application termination
Libsystem
CVE-ID: CVE-2008-1391
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strfmon API may be exposed to an unexpected application termination or arbitrary code execution
Managed Client
CVE-ID: CVE-2008-4237
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: The managed screen saver settings are not applied
network_cmds
CVE-ID: CVE-2008-4222
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled
Podcast Producer
CVE-ID: CVE-2008-4223
Available for: Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to access the administrative functions of Podcast Producer
UDF
CVE-ID: CVE-2008-4224
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Opening an ISO file may lead to an unexpected system shutdown
Security Update 2008-008 and Mac OS X v10.5.6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2008-008 or Mac OS X v10.5.6.
For Mac OS X v10.5.5
The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3b6af8f9ded
For Mac OS X v10.5 - v10.5.4
The download file is named: "MacOSXUpdCombo10.5.6.dmg"
Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9e5630150d4
For Mac OS X Server v10.5.5
The download file is named: "MacOSXServerUpd10.5.6.dmg"
Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171b54286bcac
For Mac OS X Server v10.5 - v10.5.4
The download file is named: "MacOSXServerUpdCombo10.5.6.dmg"
Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27def00dbca7
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-008Intel.dmg"
Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebede1f3bedea
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-008PPC.dmg"
Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778789f359906
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-008Univ.dmg"
Its SHA-1 digest is: 21702064037150cdeb9d708304ee91eb254c7371
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-008PPC.dmg"
Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e9f0e16534c
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222