Security Update 2007-005

by Erica Sadun on May 24th 2007

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities including a number of core unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges

Thanks Tomasz

Tags: Security Update, SecurityUpdate

Reader Comments (Page 1 of 1)

Zack kitzmiller said 5:47PM on 5-24-2007

Two reboots is normal on this one.

↓↑report

AR said 8:24PM on 5-24-2007

what IS mdnsresponder?

↓↑report

ShaleX said 12:57AM on 5-25-2007

wow, this is alot of security fixes.... that's like the 3rrd this month.

↓↑report

Blair said 2:46AM on 5-25-2007

mdnsresponder = Bonjour

↓↑report

Bobber said 8:43PM on 5-25-2007

I downloaded this security update with the software update program, then rebooted. Instead of the regular OSX login screen, a unix screen came up with "Darwin/BSD" at the top, and a login prompt. I logged in and was given another prompt, plus the frightening words "No Home Directory". I typed 'exit', which took me back to the OSX login screen. When I logged in that way, I was taken back to the unix screen. When I unplugged the computer, the bar on the screen that shows 'OSX loading' did not go all the way across. Instead, it only went 1/5 of the way, then went straight to the OSX login screen. Of course, a log in at that point took me back to the unix screen.

So, my question: What should I type in unix to solve this problem?

↓↑report

maijc said 8:06AM on 5-27-2007

@Zack kitzmiller
problably, some older update also require 2 reboots

↓↑report

dJinnii said 5:27PM on 5-28-2007

I installed this update and the 2 installation reboots went fine.

Immediately after the reboot I was trying to watch a DVD with Front Row and it kernel panic'd!! Nothing else was loaded.

I rebooted again and was presented with the Crash Reporter dialogue box. Using my bluetooth keyboard, I started to type a description of what happened before the panic - lo and behold - another kernel panic!!! On the next reboot I was not presented with another Crash Reporter, but I found the panic.log and it appeared to have something to do with Bluetooth, so I turned off bluetooth and watched my movie.

Since then I have reinstalled OSX on an new harddrive and haven't updated to 2007-05, but I still have the old disk intact.

Has anyone else seen anything like this?

↓↑report

Leon Koller said 12:33PM on 5-29-2007

I have an eMac with Tiger 10.4.9. After updating I clicked to restart. I lost my external Firewire, Mirror RAID volume! On booting I got two windows saying:

Disk Insertion

The disk you inserted was not readable by this computer

Initialize Ignore Eject.

The disk Utility shows both member disks and their volume. However, they are not mounted and clicking the Mount button does not have any effect, although the log says they have been mounted.

It's a bummer to lose a whole RAID volume. Can someone advise as to how I can recover? Any utilities I could use to recover the drives? Thanks. lrkoller

↓↑report

Tip of the Day

Holding the Command key (aka the Apple key) and pressing Tab will cycle through your open applications. It's easier to Cmd-Tab if you are Copy (Cmd-C) and Pasting (Cmd-V) to and from various applications.

Learn More

TUAW flickr Pool

www.flickr.com

Advertise with us. (Learn more)

Featured Galleries

TUAW bloggers (30 days)

#	Blogger	Posts	Cmts
1	Steven Sande	40	13
2	Michael Rose	32	27
3	Mel Martin	30	0
4	Mike Schramm	27	1
5	Victor Agreda, Jr.	25	8
6	Brett Terpstra	18	11
7	Erica Sadun	18	2
8	Megan Lavey	16	6
9	Dave Caolo	14	0
10	Robert Palmer	14	5
11	Chris Rawson	12	0
12	David Winograd	12	0
13	Michael Jones	10	0
14	Christina Warren	10	28
15	Tim Wasson	8	0
16	Sang Tang	7	1
17	Jason Clarke	6	1
18	Cory Bohon	6	0
19	Casey Johnston	6	0
20	Mat Lu	4	0

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

The Unofficial Apple Weblog (TUAW)

Security Update 2007-005

Related Articles From The Unofficial Apple Weblog