Home page logo
/

bugtraq logo Bugtraq mailing list archives

APPLE-SA-2014-15-20-1 OS X Server 3.1.2
From: Apple Product Security <product-security-noreply () lists apple com>
Date: Tue, 20 May 2014 10:56:59 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-15-20-1 OS X Server 3.1.2

OS X Server 3.1.2 is now available and addresses the following:

Ruby
Available for:  OS X Mavericks 10.9.3 or later
Impact:  Running a Ruby script that uses untrusted input to create a
Float object may lead to an application hang or arbitrary code
execution
Description:  A heap-based buffer overflow issue existed in Ruby when
converting a string to a floating point value. An attacker could send
a specially crafted request to Profile Manager or to a Ruby script,
which may lead to an application hang or arbitrary code execution.
This issue was addressed through additional validation of floating
point values.
CVE-ID
CVE-2013-4164


OS X Server 3.1.2 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTe5cbAAoJEBcWfLTuOo7tHSAP/RTUSdVxw6bwbGQbCxNCM1rM
8NOZEcU5WFTuMfr05Py9MUMiQjrmRYKnT8yTzRIOAzr+jPoRCdLwPimOEXvRnGQw
Eh9ayN04TJNG/t73XC+T5U+kqVhT/6/uI2wN/f5YwKbL8+sAsE8Rx3fbNgdZFJz4
hC0pmjgomHlduBjmv3Ai+/GMhHqAkjGXy566Ahk+UShGGNx9cyjSYe4jsD1x+4jS
XrG/NHlMLX/1cac/xpCt8BBJu00xtuR50Pfo/pXdT3CN7zcKocQjjDCRJ/n0g97w
ZZ5xBv/kLi+3NTStCyDm8gSv5A+0opXXrQ2fh4PGm3s3+O9yAM95zWfeIJg1SiQi
FnA6zZE2JdbbQSIKLWKED0/bxWDAKhjHif1EoXL7yMxBqMXu+5eWEqDdc4LyzfWp
7fdyb0sz2fPtpnnbhZPnCLIijxr9exHkrMU8lH8XsLayaL7O6cuJ+Gk5ZJHtC/YS
L9uLZKB4VUUI6jHdDOmkbReDCm55WBXVvOBcnxQOfJicQB9hisLIYFEjO75RmYRP
fkotB7oaz0OJb8IO8N/AO8UBWEeJu4KI2EDu+a02C6z8b4A6AZvOqdXNFbe9k2iK
BkcmHmeMQASMl8tZykVlDrj0tNq3TqQbHs4UYhf9J1c807qqlIYA62g29wOphfzQ
DdXqtjMTJ2wcDCaUbREX
=a8IW
-----END PGP SIGNATURE-----

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


  By Date           By Thread  

Current thread:
  • APPLE-SA-2014-15-20-1 OS X Server 3.1.2 Apple Product Security (May 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]