Security Update 2007-005

by Erica Sadun (RSS feed) on May 24th 2007 at 4:45PM

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities including a number of core unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges

Thanks Tomasz

Tags: Security Update, SecurityUpdate

Mac developer for graphics focused project

Joshua Distler (3 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Zack kitzmiller said 5:47PM on 5-24-2007

Two reboots is normal on this one.

↓↑report

AR said 8:24PM on 5-24-2007

what IS mdnsresponder?

↓↑report

maijc said 8:06AM on 5-27-2007

@Zack kitzmiller
problably, some older update also require 2 reboots

↓↑report

ShaleX said 12:57AM on 5-25-2007

wow, this is alot of security fixes.... that's like the 3rrd this month.

↓↑report

Blair said 2:46AM on 5-25-2007

mdnsresponder = Bonjour

↓↑report

Bobber said 8:43PM on 5-25-2007

I downloaded this security update with the software update program, then rebooted. Instead of the regular OSX login screen, a unix screen came up with "Darwin/BSD" at the top, and a login prompt. I logged in and was given another prompt, plus the frightening words "No Home Directory". I typed 'exit', which took me back to the OSX login screen. When I logged in that way, I was taken back to the unix screen. When I unplugged the computer, the bar on the screen that shows 'OSX loading' did not go all the way across. Instead, it only went 1/5 of the way, then went straight to the OSX login screen. Of course, a log in at that point took me back to the unix screen.

So, my question: What should I type in unix to solve this problem?

↓↑report

dJinnii said 5:27PM on 5-28-2007

I installed this update and the 2 installation reboots went fine.

Immediately after the reboot I was trying to watch a DVD with Front Row and it kernel panic'd!! Nothing else was loaded.

I rebooted again and was presented with the Crash Reporter dialogue box. Using my bluetooth keyboard, I started to type a description of what happened before the panic - lo and behold - another kernel panic!!! On the next reboot I was not presented with another Crash Reporter, but I found the panic.log and it appeared to have something to do with Bluetooth, so I turned off bluetooth and watched my movie.

Since then I have reinstalled OSX on an new harddrive and haven't updated to 2007-05, but I still have the old disk intact.

Has anyone else seen anything like this?

↓↑report

Leon Koller said 12:33PM on 5-29-2007

I have an eMac with Tiger 10.4.9. After updating I clicked to restart. I lost my external Firewire, Mirror RAID volume! On booting I got two windows saying:

Disk Insertion

The disk you inserted was not readable by this computer

Initialize Ignore Eject.

The disk Utility shows both member disks and their volume. However, they are not mounted and clicking the Mount button does not have any effect, although the log says they have been mounted.

It's a bummer to lose a whole RAID volume. Can someone advise as to how I can recover? Any utilities I could use to recover the drives? Thanks. lrkoller

↓↑report

Tip of the Day

Use Spotlight as a reference tool. Type any word in the Spotlight box and one of the top entries will be a definition. Click on it, and it will bring up the dictionary application to check the word in either the dictionary, thesaurus, Apple database, or Wikipedia.

Learn More

Latest Jobs from TUAW Jobs

Post a Job

TUAW flickr Pool

www.flickr.com

Featured Galleries

TUAW bloggers (30 days)

#	Blogger	Posts	Cmts
1	Steven Sande	44	3
2	Dave Caolo	35	4
3	Mel Martin	31	0
4	Mike Schramm	28	0
5	Josh Carr	18	24
6	Michael Rose	18	26
7	Victor Agreda, Jr.	17	6
8	TJ Luoma	15	27
9	Joachim Bean	12	3
10	Erica Sadun	11	1
11	Sang Tang	10	0
12	Ken Ray	10	2
13	David Winograd	9	4
14	Aron Trimble	9	3
15	Chris Rawson	8	0
16	Megan Lavey	7	9
17	John Burke	6	3
18	Lauren Hirsch	4	0
19	Brett Terpstra	4	5
20	Mat Lu	3	0

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

The Unofficial Apple Weblog (TUAW)

Security Update 2007-005

Mac developer for graphics focused project