[MACEP] New at ftp.mesd--Security Update 2007-006

John Bromley the.bromleys at verizon.net
Sat Jun 23 14:51:05 PDT 2007


The following files are new or updated in the /pub/mac directory of  
the FTP server located at:
  ftp://ftp.mesd.k12.or.us/pub/mac/.

Security Update 2007-006
ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2007006Ti.dmg
  for Tiger PPC (OS 10.4.9 or later)
ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2007006Univ.dmg
  for Intel Mac OS 10.4.9 & Server 10.4.9 (Universal)
ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2007006Pan.dmg
  for Panther PPC (OS 10.3.9)

Security Update 2007-006 is recommended for all users and improves  
the security of the following component:

WebCore
CVE-ID: CVE-2007-2401
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X  
v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when  
serializing headers into an HTTP request. By enticing a user to visit  
a maliciously crafted web page, an attacker could conduct cross-site  
scripting attacks. This update addresses the issue by performing  
additional validation of header parameters. Credit to Richard Moore  
of Westpoint Ltd. for reporting this issue.

WebKit
CVE-ID: CVE-2007-2399
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X  
v10.4.9 or later, Mac OS X Server v10.4.9 or later

Impact: Visiting a maliciously crafted website may lead to an  
unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets  
could lead to memory corruption. Visiting a maliciously crafted web  
page may lead to an unexpected application termination or arbitrary  
code execution. Credit to Rhys Kidd of Westnet for reporting this issue.






-- 
John Bromley
(503) 668-3332

"Even if you're on the right track, you'll get run over if you just  
sit there." -----  Will Rogers
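
The WebCore entry above says the fix was additional validation of header parameters before they are serialized into the request. The following is an added example, not Apple's code and not part of the original message, sketching that kind of check; all function names and the sample header are constructed for illustration.

```javascript
// Added example: validating headers before serializing an HTTP request.
// Names (validateHeader, serializeChecked, ...) are hypothetical.

// RFC 7230 "token" characters permitted in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF and NUL must never reach the wire inside a field value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

function validateHeader(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) {
    throw new TypeError("invalid header name: " + JSON.stringify(name));
  }
  if (typeof value !== "string" || FORBIDDEN_IN_VALUE.test(value)) {
    throw new TypeError("invalid header value for " + name);
  }
}

// Unvalidated serialization: whatever the caller passed is written verbatim.
// Method and path are treated as trusted in this sketch.
function serializeUnchecked(method, path, headers) {
  let out = method + " " + path + " HTTP/1.1\r\n";
  for (const [name, value] of headers) out += name + ": " + value + "\r\n";
  return out + "\r\n";
}

// Validated serialization: every pair is checked first, so nothing is
// emitted if any single header is malformed.
function serializeChecked(method, path, headers) {
  for (const [name, value] of headers) validateHeader(name, value);
  return serializeUnchecked(method, path, headers);
}

// Number of header lines a receiver would parse from the request head.
function countHeaderLines(request) {
  const head = request.split("\r\n\r\n")[0];
  return head.split("\r\n").length - 1; // exclude the request line
}

// Constructed input: the caller sets one header, but its value carries a CRLF.
const sample = [["X-Note", "hello\r\nHost: other.example"]];
```

With the unchecked serializer the single constructed header is parsed as two header lines by the receiver; the checked serializer refuses to build the request at all.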


