Security Update 2007-005
Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities, including ones in a number of core Unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:
Alias Manager. Impact: Users may be misled into opening a substituted file
BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service
CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service
fetchmail. Impact: fetchmail password disclosure may be possible
file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
PPP. Impact: A local user may obtain system privileges
ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library
screen. Impact: Multiple denial of service vulnerabilities in GNU Screen
texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten
VPN. Impact: A local user may obtain system privileges
Thanks Tomasz



Reader Comments
Zack kitzmiller said 5:47PM on 5-24-2007
Two reboots is normal on this one.
AR said 8:24PM on 5-24-2007
What IS mdnsresponder?
maijc said 8:06AM on 5-27-2007
@Zack kitzmiller
Probably, some older updates also require 2 reboots
ShaleX said 12:57AM on 5-25-2007
Wow, this is a lot of security fixes.... that's like the 3rd this month.
Blair said 2:46AM on 5-25-2007
mdnsresponder = Bonjour
Bobber said 8:43PM on 5-25-2007
I downloaded this security update with the software update program, then rebooted. Instead of the regular OSX login screen, a unix screen came up with "Darwin/BSD" at the top, and a login prompt. I logged in and was given another prompt, plus the frightening words "No Home Directory". I typed 'exit', which took me back to the OSX login screen. When I logged in that way, I was taken back to the unix screen. When I unplugged the computer, the bar on the screen that shows 'OSX loading' did not go all the way across. Instead, it only went 1/5 of the way, then went straight to the OSX login screen. Of course, a log in at that point took me back to the unix screen.
So, my question: What should I type in unix to solve this problem?
dJinnii said 5:27PM on 5-28-2007
I installed this update and the 2 installation reboots went fine.
Immediately after the reboot I was trying to watch a DVD with Front Row and it kernel panic'd!! Nothing else was loaded.
I rebooted again and was presented with the Crash Reporter dialogue box. Using my bluetooth keyboard, I started to type a description of what happened before the panic - lo and behold - another kernel panic!!! On the next reboot I was not presented with another Crash Reporter, but I found the panic.log and it appeared to have something to do with Bluetooth, so I turned off bluetooth and watched my movie.
Since then I have reinstalled OSX on a new hard drive and haven't updated to 2007-05, but I still have the old disk intact.
Has anyone else seen anything like this?
Leon Koller said 12:33PM on 5-29-2007
I have an eMac with Tiger 10.4.9. After updating I clicked to restart. I lost my external Firewire, Mirror RAID volume! On booting I got two windows saying:
Disk Insertion
The disk you inserted was not readable by this computer
Initialize Ignore Eject.
The Disk Utility shows both member disks and their volume. However, they are not mounted and clicking the Mount button does not have any effect, although the log says they have been mounted.
It's a bummer to lose a whole RAID volume. Can someone advise as to how I can recover? Any utilities I could use to recover the drives? Thanks. lrkoller