[MACEP] New at ftp.mesd--Security Update 2006-004

John Bromley the.bromleys at verizon.net
Mon Aug 7 09:31:17 PDT 2006


The following files are new or updated in the /pub/mac directory of  
the FTP server located at:
  ftp://ftp.mesd.k12.or.us/pub/mac/.

Security Update 2006-004
	ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2006004Intel.dmg
	ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2006004Pan.dmg
	ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2006004Ti.dmg

Apple's new Security Update 2006-004 addresses a variety of  
vulnerabilities:
Enhancements in this release

Of most interest to general end-users:

- a fix that prevents maliciously crafted Zip archives from causing a
  condition where arbitrary code can be executed. In other words, prior
  to Security Update 2006-004 you could download a specially crafted
  file ending in .zip from a Web site or other location, and it could
  trigger the execution of malicious code.

- a fix that disallows maliciously crafted Canon RAW images from
  creating a buffer overflow, potentially leading to arbitrary code
  execution. Prior to Security Update 2006-004, you could download or
  otherwise receive a Canon RAW file that could allow execution of
  malicious code on your system.

- similar to the above, a fix that prevents maliciously crafted GIF
  images from causing an integer overflow, potentially leading to
  arbitrary code execution.

- new download validation that will catch certain HTML files defined by
  Safari as "safe" that may actually contain malicious JavaScript code.
  After applying Security Update 2006-004, these files will not be
  automatically opened.

- Protection against maliciously crafted HTML documents that can also
  open the door for arbitrary code execution by accessing deallocated
  objects.



-- 
John Bromley
(503) 668-3332

"Even if you're on the right track, you'll get run over if you just  
sit there." -----  Will Rogers


