—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2015-09-16-4 OS X Server 5.0.3

OS X Server 5.0.3 is now available and addresses the following:

apache
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in Apache, the most serious of
which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.16. These issues were addressed by updating Apache to
version 2.4.16.
CVE-ID
CVE-2013-5704
CVE-2014-3581
CVE-2014-3583
CVE-2014-8109
CVE-2015-0228
CVE-2015-0253
CVE-2015-3183
CVE-2015-3185

BIND
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in BIND, the most severe of which
may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in BIND versions prior
to 9.9.7. These issues were addressed by updating BIND to version
9.9.7.
CVE-ID
CVE-2014-8500
CVE-2015-1349

PostgreSQL
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in PostgreSQL, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PostgreSQL versions
prior to 9.3.9. These issues were addressed by updating PostgreSQL to
version 9.3.9.
CVE-ID
CVE-2014-0067
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2015-3165
CVE-2015-3166
CVE-2015-3167

Wiki Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple XML security issues in Wiki Server
Description: Multiple XML vulnerabilities existed in Wiki Server
based on Twisted. This issue was addressed by removing Twisted.
CVE-ID
CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research
Center

OS X Server 5.0.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBCAAGBQJV+cTeAAoJEBcWfLTuOo7tAaoP/A6mRcB0zcLWjPVf4Aatmaha
z8CXbm0hBfcGcVR4iqyVMVRCS9NEY4u3dyXIuHVA+zWM1qNb+kolm/1oIT4mwUlk
C2mBlcu92FhGe0+5qsDYEOVHbQrhX+fWI4icG35Tke6IU2Rmdl1vyzZbk3TikOl7
WxHxcn7lcFZqUgqq2FM3I/P06yuC75NSNj85+7ZIySpRhwQQ3AVgWal8SEH/Gufv
ScT4Oj0ejD9SlzkTBCkvOYpzN8jumkIqRbtKuAKZV0BIf50eyoUYmNYvBwwKoHa7
l2MgRzdtZu9qrdIJ26pkPYuPd39ChsLveBOjciMT85ZcfwJKWb2XvJ7YUVAy9SKv
IXkuiePRMbxSc3o5Tv0CKt9hf06irAMhNw/sujwQfAIyCw0iWLtaEjPveBafbBZ5
bWoHUdLojK5ubaAjOGH/R1QfSB99IasxLo7DldKzLHuff5LAXqQLBXrVyce2C8ug
GxJjJjVcD6KoBB2bZ6a/J9lBBft9CTISQIS3g7o8iYaRg0cpNE1yIa0IEWinpfPb
eYA3mAxAVXeSZ2cB346DrEGVSJO3RCQb7IxSi6fu2/4FlAyoMzAK5unIaU02E8Y4
c4wKGN4cWSP9RdiJrwCQmzzYPv8ClaJF6ZinNo0wuYP00Te0JavQXaslFEvgkFa+
x7UDm7nSbhr2aPDxeJ3G
=ou8d
—–END PGP SIGNATURE—–

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)