Full Disclosure mailing list archives

By Date By Thread APPLE-SA-2016-03-21-7 OS X Server 5.1 From: Apple Product Security <product-security-noreply () lists apple com>

Date: Mon, 21 Mar 2016 17:54:38 -0700

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-7 OS X Server 5.1 OS X Server 5.1 is now available and addresses the following: Server App Available for: OS X Yosemite v10.10.5 and later Impact: An administrator may unknowingly store backups on a volume without permissions enabled Description: An issue in Time Machine server did not properly warn administrators if permissions were ignored when performing a server backup. This issue was addressed through improved warnings. CVE-ID CVE-2016-1774 : CJKApps Web Server Available for: OS X Yosemite v10.10.5 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a supported cipher. CVE-ID CVE-2016-1777 : Pepi Zawodsky Web Server Available for: OS X Yosemite v10.10.5 and later Impact: A remote user may be able to view sensitive configuration information Description: A file access issue existed in Apache with .DS_Store and .htaccess files. This issue was addressed through improved access restrictions. CVE-ID CVE-2016-1776 : Shawn Pullum of University of California, Irvine Wiki Server Available for: OS X Yosemite v10.10.5 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An access issue existed in some Wiki pages. This issue was addressed through improved access restrictions. CVE-ID CVE-2016-1787 : an anonymous researcher OS X Server 5.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9 PZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3 xXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl t2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb bDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8 PJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3 YwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw alfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO wMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q LsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut kuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT 9p0+e+mVlJlCmWiFIwsu =nxck -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: APPLE-SA-2016-03-21-7 OS X Server 5.1 Apple Product Security (Mar 23)