Apple Computer Inc. Information for VU#757612
Apache Portable Runtime contains heap buffer overflow in apr_psprintf()
- Vendor Information Help Date Notified: 12 Jun 2003
- Statement Date:
- Date Updated: 24 Jun 2003
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
APPLE-SA-2003-06-12 Security Update 2003-06-12 Apache 2
Security Update 2003-06-12 is now available. It contains fixes for
following potential security issues for Mac OS X Server. Mac OS X
client does not contain the issues being addressed by this software
Apache 2.0: Fixes CAN-2003-0245 by updating Apache 2.0.45 to 2.0.46
address a security hole in the mod_dav module that could be exploited
remotely causing an Apache Web server process to crash. Apache 1.3
unaffected and is the primary web server on Mac OS X Server. Apache
2.0 is installed with Mac OS X Server, but off by default.
dsimportexport: Fixes CAN-2003-0420 where a logged-in user could
potentially view the name and password of the account running the
Security Update 2003-06-12 may be obtained from:
* Software Update pane in System Preferences
- OR -
* Apple's Software Downloads web site:
The download file is named: "SecurityUpd2003-06-12.dmg"
Its SHA-1 digest is: 1f8e101111ae059ebd6eaf91b69267808517b4a1
Information is also posted to the Apple Support web site:
This message is signed with Apple's Product Security PGP key, and
details are available at:
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.