—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2015-04-24-1 OS X Server v4.1

OS X Server v4.1 is now available and addresses the following:

Dovecot
Available for: OS X Yosemite v10.10 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Dovecot.
CVE-ID
CVE-2014-3566

Firewall
Available for: OS X Yosemite v10.10 or later
Impact: Custom firewall rules may not be enforced
Description: An incorrect path was referenced in the firewall
configuration files. This issue was addressed by correcting the path
to point to the correct configuration file.
CVE-ID
CVE-2015-1150 : Phil Schumm of the Research Computing Group,
University of Chicago

Postfix
Available for: OS X Yosemite v10.10 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Postfix.
CVE-ID
CVE-2014-3566

Wiki Server
Available for: OS X Yosemite v10.10 or later
Impact: Access controls may not be enforced on mobile devices
Description: Access controls for the Activity and People wiki pages
were not enforced on iPad clients. This issue was addressed by
improving access control verification.
CVE-ID
CVE-2015-1151

OS X Server v4.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–

iQIcBAEBAgAGBQJVOto4AAoJEBcWfLTuOo7tQgAP/j+6Sm5O9t4BMxCcn0Tg69Sp
e5IkAioYRWkikHuhPgLXgn9vtwNprKYCqbhxseDAHSxqOFfcSlxf59ncc/Ge8fIS
rRCGENY9PDBcfZbeufi6mNfhmPdQ8u+9oc1mgY9kNHrny96TuNzJlrro3qii20S4
Kp/dJjFAD3mYqM+4LeUsk/+zlGC5F13DlRrp7EQBc26MvyEtJfyYiytjK/P3vfmN
bgA7n4RypERmogswT8yZwpEBqTn12tNYgwQMHhvleS1w4//TFnmgmPUlEP9OjVl4
5LpxleIhGa5ed/iWEU1vLSJ+hORgZZt0z9Gu51mud5QRMFy2ElySOb+d+QSSrAC6
QVvd5gFHWfQNh7r+GK31ACNLOCxzJ/sAcD7CYWKAm8XrKB+cL4/JUVeeK6ytF2p9
cKyqn1JraGKNJKyJ1QfCQApeaZTzPiOW8LrtIpQTJhuRu0HP0OqdZTBdIEmknGPh
xBjx46FrfxoUl6xKCuk59ciwWcHPOgySyWcUaufkIUv9X73/nMz45FXakaHUSvHz
cvdHVxJ1hHsCFPn113uXpBBMc46Fj+8a2A/Po6Hkn6a/2kYA6EPLqf9+Zpxjfm1o
ImXeYwQuqE4ZxCNV4Ld0/aw8abHk2UbKEpb4Ksbir0pBOc17QhV0PMmSve7qwlbv
BGtRTntDKK+qhJ/s12j2
=mqvD
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)