Notified: September 17, 2003 Updated: September 25, 2003
Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing. Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from: Mac OS X Client (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120244 Mac OS X Client (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120245 Mac OS X Server (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120246 Mac OS X Server (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120247
The vendor has not provided us with any further information regarding this vulnerability.
See also: APPLE-SA-2003-09-22.