[Macpartners] Security Update 2004-01-26

Tue Jan 27 01:03:07 EST 2004

Apple released Security Update 2004-01-26 yesterday. It's available 
using Software Update and as a stand alone download from www.apple.com 
(see specific URLs below) for Mac OS X 10.3.2, 10.2.8 and 10.1.5.

The security updates are important for every Mac OS X users to apply; 
however, you should take some precautions before applying this update 
to increase the likelihood of a successful update:

  -- you may wish to wait a few days before applying this update while 
monitoring web sites such as MacInTouch and MacFixIt to see if other 
users experience problems that you may encounter
  -- test it on a non-production machine first
  -- verify that you have a _current backup_ before applying the update
  -- run Disk Utility > Repair Disk from a Mac OS X install CD to ensure 
there aren't drive issues _before_ installing the update
  -- run Disk Utility > Repair Permissions _after_ you install the update
  -- be cautious if you have applications that install kernel extensions 
(i.e. Norton AntiVirus, which is unsupported by IS&T) or otherwise make 
low-level modifications to the system

Although Mac OS X 10.3 isn't currently supported by IS&T, you can use 
self-support resources such as the Mac Partners list or 
macosx-help at mit.edu if you encounter problems.

   -- Al

______________________________
Albert Willis
Macintosh Platform Coordinator
Software Release Team
MIT Information Services & Technology

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-01-26 Security Update 2004-01-26

Security Update 2004-01-26 is now available.  It contains security
enhancements for the following:

AFP Server:  Improves AFP over the 2003-12-19 security update.

Apache 1.3: Fixes CAN-2003-0542, a buffer overflow in the mod_alias
     and mod_rewrite modules of the Apache webserver.

Apache 2: Fixes CAN-2003-0542 and CAN-2003-0789 by updating Apache
     2.0.47 to 2.0.48. Installed only on Server systems.

Classic:  Fixes CAN-2004-0089 to improve the handling of environment
     variables.  Credit to Dave G. of @stake for reporting this issue.

Mail:  Fixes CAN-2004-0085 and CAN-2004-0086 to deliver security
     enhancements to Apple's mail application.  Credit to Jim Roepcke
     for reporting CAN-2004-0086.

Safari:  Fixes CAN-2004-0092 by delivering security enhancements to
     the Safari web browser.

System Configuration: Fixes CAN-2004-0087 and CAN-2004-0088 where the
     SystemConfiguration subsystem allowed remote non-admin users to
     change network setting and make configuration changes to configd.
     Credit to Dave G. from @stake for reporting these issues.

Windows File Sharing: Fixes CAN-2004-0090 where Windows file sharing
     did not shutdown properly.

================================================

Security Update 2004-01-26 is available for the following systems:
    -  Mac OS X 10.1.5 "Puma" and Mac OS X Server 10.1.5
    -  Mac OS X 10.2.8 "Jaguar" and Mac OS X Server 10.2.8
    -  Mac OS X 10.3.2 "Panther" and Mac OS X Server 10.3.2

The Security Updates web page indicates which fixes are available for
each system, as not all issues apply to each system.  Security Update
2003-12-19 has been incorporated into this security update for the
Jaguar and Panther systems.

================================================

Security Update 2004-01-26 may be obtained from:

   * Software Update pane in System Preferences

   * Apple's Software Downloads web site:

     Mac OS X 10.3.2 Client
     ======================
     http://www.info.apple.com/kbnum/n120301
     The download file is named: "SecurityUpd2004-01-26Pan.dmg"
     Its SHA-1 digest is: 8977b3420a6343d53b79f23c409a601d269d87a4

     Mac OS X 10.3.2 Server
     ======================
     http://www.info.apple.com/kbnum/n120300
     The download file is named: "SecUpdSrvr2004-01-26Pan.dmg"
     Its SHA-1 digest is: 15bfa92c439c6fee1e690703359778cefabf58d7

     Mac OS X 10.2.8 Client
     ======================
     http://www.info.apple.com/kbnum/n120302
     The download file is named: "SecurityUpd2004-01-26Jag.dmg"
     Its SHA-1 digest is: 365401ca71387a45a34ecab5ec7278b62e3089b3

     Mac OS X 10.2.8 Server
     ======================
     http://www.info.apple.com/kbnum/n120304
     The download file is named: "SecUpdSrvr2004-01-26Jag.dmg"
     Its SHA-1 digest is: 605578cbf0d6005ee5f6b474026b908e47175268

     Mac OS X 10.1.5 Client and Server
     =================================
     http://www.info.apple.com/kbnum/n120303
     The download file is named: "SecurityUpd2004-01-26P.dmg"
     Its SHA-1 digest is: 7c7f55d675a19957bce3c5aeaa985652a8c59d7b

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and 
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQBWwCneI0z6bzFr0AQJq2gf9EnXdvmQv32/FEQ7oD2SMr1CRURt8obxD
/71SE+DFNS07eO8UzExNRy490hkTb8sXEpp9jeDu7hTR00ZH4FpzDX0Ydn5x/LGJ
b/wG2w9WgjVjdBKhykANAb8Pomnrm8sTzQvpfXyQmHr9q7Qt5Idcs7pjaU3UK2J4
gAhe48cBdxktBgjktoNHpZ13oF24yVUi4D0PDEdiab4ZDjJu16sox72+1Us/4cEI
xG5womXWxNXV9iF4wQeubEmsgOG+xKA++wY0At204AyR4i2UCPkynZIB7VvJh+nV
js+l4Ry02jtC+Nj50np3mPRvmLZiaC+zJeB8Vdap7m3yKTwLZ8gpFw==
=2ecE
-----END PGP SIGNATURE-----