Security Update 2009-001 1.0 is now available via Software Update.
Security Update 2009-001 1.0, 44.1 MB. Below, only the items and Impact lines are quoted from the Apple Product Security e-mail.
It is recommended that all users apply Security Update 2009-001 to strengthen the security of Mac OS X. Previous improvements are also included in this security update.
For details about the security content of this update, see the following web site: http://support.apple.com/kb/HT1222?viewlocale=ja_JP
APPLE-SA-2009-02-12 Security Update 2009-001
Security Update 2009-001 is now available and addresses the following:
AFP Server
CVE-ID: CVE-2009-0142
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A user with the ability to connect to AFP Server may be able to trigger a denial of service
Apple Pixlet Video
CVE-ID: CVE-2009-0009
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
CarbonCore
CVE-ID: CVE-2009-0020
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of cookies with null expiration times
CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of session cookies across applications
Certificate Assistant
CVE-ID: CVE-2009-0011
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant
ClamAV
CVE-ID: CVE-2008-5050, CVE-2008-5314
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in ClamAV 0.94
CoreText
CVE-ID: CVE-2009-0012
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution
CUPS
CVE-ID: CVE-2008-5183
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination
DS Tools
CVE-ID: CVE-2009-0013
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Passwords supplied to dscl are exposed to other local users
fetchmail
CVE-ID: CVE-2007-4565, CVE-2008-2711
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in fetchmail 6.3.8
Folder Manager
CVE-ID: CVE-2009-0014
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Other local users may access the Downloads folder
FSEvents
CVE-ID: CVE-2009-0015
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available
Network Time
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: The Network Time service configuration has been updated
perl
CVE-ID: CVE-2008-1927
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution
Printing
CVE-ID: CVE-2009-0017
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may obtain system privileges
python
CVE-ID: CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-4864, CVE-2007-4965, CVE-2008-5031
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in python
Remote Apple Events
CVE-ID: CVE-2009-0018
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Sending Remote Apple events may lead to the disclosure of sensitive information
Remote Apple Events
CVE-ID: CVE-2009-0019
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information
Safari RSS
CVE-ID: CVE-2009-0137
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
servermgrd
CVE-ID: CVE-2009-0138
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Remote attackers may be able to access Server Manager without valid credentials
SMB
CVE-ID: CVE-2009-0139
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges
SMB
CVE-ID: CVE-2009-0140
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown
SquirrelMail
CVE-ID: CVE-2008-2379, CVE-2008-3663
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in SquirrelMail
X11
CVE-ID: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in X11 server
X11
CVE-ID: CVE-2006-1861, CVE-2006-3467, CVE-2007-1351, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in FreeType v2.1.4
X11
CVE-ID: CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in LibX11
XTerm
CVE-ID: CVE-2009-0141
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may send information directly to another user's Xterm
Security Update 2009-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.5.6
The download file is named: "SecUpd2009-001.dmg"
Its SHA-1 digest is: 08d8e962e2687f01b3cdc4cb386ef4e44992a1e0
For Mac OS X Server 10.5.6
The download file is named: "SecUpdSrvr2009-001.dmg"
Its SHA-1 digest is: b44344f918cbf15266cde2c989c443e455ccd88f
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2009-001Intel.dmg"
Its SHA-1 digest is: e1e1a09d9543fe1a1acc759c5ed11dde58f84e0e
For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2009-001PPC.dmg"
Its SHA-1 digest is: a9158bed12fa6650634bc8f972a7990cddb765d9
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2009-001Univ.dmg"
Its SHA-1 digest is: 6b056d47bbf2566cda7908590fc2ccd0ab4b889f
For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2009-001PPC.dmg"
Its SHA-1 digest is: a9f97ba89b8acc6927779859bbec3787d1fb3b2a
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222