Apple Releases OSX 10.5.6/Security update 2008-008
Apple has released an update for OS X. You can now download 10.5.6 through the Software Update app.
It patches a large number of vulnerabilities. Here are just the CVEs:
- CVE-2008-4236 - Apple Type Services malicious PDF font DoS
- CVE-2008-4217 - BOM CPIO archive code execution
- CVE-2008-3623 - CoreGraphics heap overflow via malicious image
- CVE-2008-3170 - CoreServices/Safari user credential disclosure
- CVE-2008-4234 - CoreTypes failure of Download Validation (no warning when you launch downloaded content)
- CVE-2008-4818 - Flash Player plug-in issues (as per previous entries earlier in the summer)
- CVE-2008-4819 - Flash Player plug-in issues
- CVE-2008-4820 - Flash Player plug-in issues
- CVE-2008-4821 - Flash Player plug-in issues
- CVE-2008-4822 - Flash Player plug-in issues
- CVE-2008-4823 - Flash Player plug-in issues
- CVE-2008-4824 - Flash Player plug-in issues
- CVE-2008-4218 - Kernel integer overflow allowing local priv escalation
- CVE-2008-4219 - Kernel - system crash when you use dynamic libraries on an NFS share
- CVE-2008-4220 - Libsystem integer overflow in the inet_net_pton API (gives code execution)
- CVE-2008-4221 - Libsystem "memory corruption" via the strptime API (gives code execution)
- CVE-2008-1391 - Libsystem - a whole pile of integer overflows in the strfmon API (gives code execution)
- CVE-2008-4237 - Managed Client doesn't apply managed screen saver settings correctly
- CVE-2008-4222 - network_cmds - DoS via custom TCP packet when Internet Sharing is enabled
- CVE-2008-4223 - Podcast Producer auth bypass allows a remote attacker access to the admin functions
- CVE-2008-4224 - UDF - a specially built ISO file can cause a system crash.
You can get the update via Software Update or from: http://www.apple.com/support/
The hashes are as follows:
For Mac OS X v10.5.5
The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3
For Mac OS X v10.5 - v10.5.4
The download file is named: "MacOSXUpdCombo10.5.6.dmg"
Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9
For Mac OS X Server v10.5.5
The download file is named: "MacOSXServerUpd10.5.6.dmg"
Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171
For Mac OS X Server v10.5 - v10.5.4
The download file is named: "MacOSXServerUpdCombo10.5.6.
Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-008Intel.dmg"
Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebe
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-008PPC.dmg"
Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-008Univ.dmg"
Its SHA-1 digest is: 21702064037150cdeb9d708304ee91
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-008PPC.dmg"
Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e
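The listing above can be checked mechanically. The following Python is an added example, not part of the original post or Apple's tooling: it parses entries in the two-line format used above, hashes a downloaded file, and refuses any listed digest that is not a full 40-hex-character SHA-1, which is the case for the digests as they appear on this page. The `example.dmg` entry, the `other.dmg` name and the file contents are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

ENTRY = re.compile(
    r'The download file is named: "(?P<name>[^"\n]+)"\s*\n'
    r'Its SHA-1 digest is: (?P<digest>\S+)')
FULL_SHA1 = re.compile(r'[0-9a-f]{40}')

def parse_listing(text):
    """Map each file name to its digest, using the listing's two-line entry format."""
    return {m['name']: m['digest'].lower() for m in ENTRY.finditer(text)}

def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so large disk images are not read into memory."""
    h = hashlib.sha1()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(chunk), b''):
            h.update(block)
    return h.hexdigest()

def verify(path, listing):
    """Return 'ok', 'mismatch', 'unlisted' or 'unusable-digest'."""
    expected = listing.get(Path(path).name)
    if expected is None:
        return 'unlisted'
    if not FULL_SHA1.fullmatch(expected):
        return 'unusable-digest'  # truncated: a prefix match proves nothing
    return 'ok' if sha1_of(path) == expected else 'mismatch'

# Constructed input: the first entry is copied from this page (short digest);
# the second pairs a made-up file name with the SHA-1 test vector for b"abc".
SAMPLE = '''The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3
The download file is named: "example.dmg"
Its SHA-1 digest is: a9993e364706816aba3e25717850c26c9cd0d89d
'''

def demo():
    """Verify constructed files against SAMPLE and return each outcome."""
    listing, out = parse_listing(SAMPLE), {}
    with tempfile.TemporaryDirectory() as d:
        for name in ('example.dmg', 'MacOSXUpd10.5.6.dmg', 'other.dmg'):
            Path(d, name).write_bytes(b'abc')
            out[name] = verify(Path(d, name), listing)
        Path(d, 'example.dmg').write_bytes(b'abd')  # simulate a corrupted download
        out['modified'] = verify(Path(d, 'example.dmg'), listing)
    return out
```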
We'll update this entry as we get additional information about the update.