You are here
Home > Preporuke > Sigurnosni nedostatak operacijskog sustava OS X

Sigurnosni nedostatak operacijskog sustava OS X

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: M
  • Kategorije: APL

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-10-16-2 Security Update 2014-005

Security Update 2014-005 is now available and addresses the
following:

Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team

Note: Security Update 2014-005 includes the security content of
OS X bash Update 1.0. For further details see
https://support.apple.com/kb/HT6495

Security Update 2014-005 may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQCI2AAoJEBcWfLTuOo7t5ygP/0l9VIBlR7Q6ocMRSB61+2uN
adB6UoEcmJCkUwmEAWOlVT0GlrtV+h2FbQGSKAkiDK5b7+E9UfX8UXneyaV4MWbj
BFDVFt/R0RRYpuojfmhNvMP+p7TFA1QsaHAUrWBtBomJ1+326YIhXBtWMIbVRGHC
S4OZgVbwSnyeJ3o74ftr+CcMu9PFXOMDj0Sdv6rb5af9vkNjfocp8J4El2psr3fO
Ari7bJNSQL2D2ZeGxR7aYu8JMdKQ7N0vnF/c24/z7zd3AgoLQLXsg6F0wI45vRNi
PxvmIAJ217qOva/4XRwve/YdxlpmYRwpkTXTDn7nMyTXsrtUm4PVumxKJJEScYmc
bU9Ckw1CUEQdcd883aB0NgLkf5LTPzsih+ak6xRzElp3QbmnPQ2y0GrnwryXQgLI
KEFrhFCkru7RPaPhXGpeqNB25iT99Rp6rc1w/LvhhZiEArBKyVwdWPAwt4ZAMBQY
UKZYYi6rQKEf+Tf5REoUv9OZCQFYFiuK6/5J/mAcKsZUN6+hxFRrNeq3Kg4GNMnS
v8T8Z0Z5IXbDBdptF6aSYI3sQYkvHob4ujAKxSLFJk9WJOl6y3/TIwGN5eTRxA0K
I+ZXxp9H0tDyHwIgGw/d9FWeW56mTqlcln5M5+V2jphi1h/0EqK70YpBnq4D/tI2
vDl+zNHL/d2D8rWh8csq
=c286
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQF4PAAoJEBcWfLTuOo7tOOMQAJP9DfhldKyp6JZEVTV1+RjT
LdlWBPnUbswZAIzt37A7B7EiRrYsha4lgupCNs2xnPFfEFHfjaKe/g74uCzpIBid
aDfUhHGzqhpK0XfOobvx3PRNmf4Yt7LbV8A+grAPo8hnpKngiAIP5ZskA3C7DKf6
P5klRh7XS0Mg995Kv2Wh9hqqp88bAFdnUIQHRKLpUO10BDcfPXilndNL+FPINX4T
uqTkOgijjYdEq3QVitJoQTn1XC9SYNFVOCJYjWtiBndoE2eVItdQvOy1n/VQ2wKW
nbOxyMtRqj6fT4H2kly9I7nR73MoHKlkNivVxMqAinFBZuw6JUVaIJyBrGH8wq1A
K0SXp8w9tZ4d9isvCm9o0HSsScqodBFW/9b2M0p0ok0A0VMUon9XuM6N58/qGNdO
p90diD6Hvhp7fWJevPxogMmFq+//DEqaL9hUzqNBvTkjvX2WgIRbPxQ2S1zV6VZp
NHvSdl4LTgFmxDFBRvmlqyY6l6jep/oyRBS99w9bXxOgNC0C4ZUv0Zr6nLpTD4JR
PJ1imFL30sC5Yjp02ppRVkpAzC5lYQ0AVcJGcDNZVwcd2pl67cytIOL2sFOAxcbT
8AzjGvHNNDwjCzM+8AQmIxbnl6YSvR0UabuKV2Ct2QikRKPGsJRxk/m2C50vwl1s
jN1kTyMUHyMHos61JroR
=hyGU
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

OS X Server v3.2.2 is now available and addresses the following:

Server
Available for: OS X Mavericks v10.9.5 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team

OS X Server v3.2.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQCJGAAoJEBcWfLTuOo7tyI0P/imLx5IYlrtwP9X6sCUaRNfa
cjjI5T5ooRX1g83wc3sBGJnUaY5TYEpL8+aVdW0hL/Q8l+DCbvbTHDK1hcxNoPX7
NsXgLFjKd56/mupWbx5beAjOA8Xey6F4tubYFNSppUEk0X9DKyVVmHNxPUnf/mTG
F0opjTmLX9hJVsVvGGncBd24HxnkZJXvjd5Dfi+r/CBv1tFaL3ermZlnrba1cCaP
mtZ06TAONykDYXN3GypSHZKedUIsMyQuuz+GDR2CC8Gw3P4sbbCfNkR2HNGFXPSt
EG58UIdNqbbfDoTg3gR/u8e7XUrqQzSP/fq2lG1qraFpirodb67UKueVvOS1pqZQ
HXJzLV5zSOx1GRLRp2hxQ7htILQGPE6alBnuqTKpe3cDxJ4h5HbZBdDIQNlLK2/y
YxcCwt9AdmHr2BP2AmAE6X3jxTVbfCWxT+1ddTj+FX29DYRYSJHE4XTXAus6m4NI
0uIVGv3OnmLA4r+7IGECQlMmPec0hkkWJV3otwIT83In1WMNlz85Q4Ypjo4jYfWW
lEvnN15Pn8opiyHY62vPCufuroPklK1K6pIMIyFFJBGA2GVk1jqF9gNgIYqYwhMC
meaHWPu1wD82eRUBmTVHiNfKtqLx8MALBfp8uaklrfpnafrqxxuhS4ZjCEA0YU14
NqlhvAS6z144pQkwp1dt
=UMhr
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQF5EAAoJEBcWfLTuOo7tt4EP/j0ToviYYGO4F6P/bg4TEmLe
e9QfolGYJENbIHeciXrM+ZgdgkgcazOA4yhjyS6zox6RUIVn4QACqqdMJ5P2Zluh
CBdym3JzWHirLQGV+4fJ4n62/i7ID3QNGSgz0wE8WnfEtOg4C73wKM5EYZswEVfL
0ZGZspZKgMjRKSigWMc7GXPeo7dfA94wdTKnR7BYkCcHxyDon1Av3Ra4NNR7FMQ7
H6BLj/jlxHacI6UHcUDOQU+t5ExnFH3GtqLtu2g+7eyg05mqSEowmwcF6/MsWF/r
WeMy9G4q5orbgORJpey3RTiRWpktKmjufGXAx/mx4/ONt1qVr7nWU5Z3BfAB2sBw
nzwGf2sJ5Ql406GV0tzEczymRFww2Xm774OeyPif5gkjiJgoY9DCEPbjWwGvewDQ
DKUMconnDqMuw7+lBEQCWr7LudAABtjfjvpOll30kppkV3qL/6w376vPfcupEhH5
ByjWkjIp4mZByKqpAwILTd/RlDWLPs65aFtA7npvjCuas74aW3tprd0bHMP+RbS7
71+lEhckzS9nuf/oiaI2953zawvFP2T6vDO2+33bAaPWRj6PN0ovsxTvLNvQH25G
2+023Ovj/vqDLGm+MlmEWoCzMEwI8gTRMTPfVKWk61Sl5vjFvoOVDjnbu2W3/Qxf
O19J+2oKUAAjJS6f5wRs
=R91X
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-10-16-5 OS X Server v2.2.5

OS X Server v2.2.5 is now available and addresses the following:

Server
Available for: OS X Mountain Lion v10.8.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team

OS X Server v2.2.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIbBAEBAgAGBQJUQCKNAAoJEBcWfLTuOo7tl5UP90cGp+wElIUvSYZIlSHZdaPZ
YxKFiIjLj4eGUF4b79vQweQtwQiqMUKh0F9qZZ7QlOimNhBrhZvwjRx/aD8LePhS
KhNRH8I2YPK32vws4ufojFZvjuL+Zs2RwQ/1nPgf/STJ5wHQLQolfkh+HKaED+cz
Yg36da7tZ0uEcWvUbWEnq0Ewz+DUF4UffhVLIbmuC0HdmGMEuGoFdhU0+zsTZmcH
YhFfQwsZX/xbTwyMWH0k1hhS1w9QyoNnhC9CbQBmjv6CYuW/6MuksONesfL10oVL
u9fxSzuGchv/iHZQ60UE5d+H7e1lWvl/Baw065w5Ie2bx/YEevvkda2pA/LnQSea
rbFlykfOuBLR47Eg7MalBSJxkO87en1ASyz9oLKTErYm/AjYI22Xq/e2kmst4UW4
24t7iNdNJzp4SQyvS2kUW9T4P2PGV16zkv5fUELYK/uFejaQ8LoF3t+LpMiluibf
nKYJbdsF/14xDygG5fL5KBOYL/cPFXlradykKgZnWhkflJYKzHp05u2ILI+Stv+V
BaniDoMTn53OBT875/xTKmv3igbkwU5YIrJLsNZRCnFchlP0bAWixjiqSqcs6f6j
io+/R05z0IPi6FE05cCi8CH2wMunrwgh3HhSCTiXl12vt3DXSBrmMuDyRLqGxEC4
93VoWCgAlgjlfdjjI40=
=tAhs
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUQF5gAAoJEBcWfLTuOo7tT8kP/1gFvGXmA7pAEBn2u05rEWMu
zERvoIyih2v9tFVj1tiCS+O4pb60DzXNTXqptWQVDiHJdVQFxpsUQUc0DEng3+Wz
eJ2hkMLgsi3Aaz4iQ7NpNTcn13cJ8vnYKZxz/xvT58YFbBQcA/uEKxcqYiWw8pdf
iDNPuAqRhHFNBD+4NUHOoQMFzYhIoQNCNdE1Qz6xVkxnnHD6w6k/lvPdIt4vLHuj
StSThVOLfzVar7fp3+NLzJFScxAkPIbB7dJR34TJcZQ4VpuJc1S4wxEwm5y1uHDR
DHyxwRr0Q3Jxr53SRd8JPh5y0WfFCf/px0QNEjud/95OODhYokKwOVcSCBlSLDWD
Wz4e7wfAMDhPZsnrleyv2uRJpfkop/FTT5zZcd7LWmz+9B5YwEi6cnR5B7kwZHjw
oBtQODgVCklJJr4L2ZdzRqZUyS+/6YMDNyzKU6vrZbTXkZdB5PA2W8zjb3G6i+47
j4KO+d72JQU1mj567NemCAR77YUnA/9AKRucaqqEhaSnDBHyrqDhSuKAk4BmCvOE
h4rByEH7ze+m9wD5gP/3T3YEBe4pFyHz4njQSIhN3TkQzSVyRlQvhoB7x3gxNMS0
7pqTvigDOurziILMzOQ3wNeIT88onkvnjtmE+CIxLzc/uLFJZpnKKXKCF5o5SPeN
xTMwFgy1sjSI+h3NDrmB
=Nw1M
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

AutorMarijo Plepelic
Cert idNCERT-REF-2014-10-0015-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Nadogradnja za mysql-5.5

Izdana je nadogradnja koja sadrži zakrpe za 20 ranjivosti programskog paketa mysql-5.5 za Ubuntu 12.04 LTS i 14.04 LTS. Radi...

Close