HMUG: Security Update 2010-001

Security Update 2010-001

(2010-01-19 04:52:43)

Apple has released Security Update 2010-001 for Mac OS X 10.5.8 Client/Server and Mac OS X 10.6.2. Security Update 2010-001 is now available and addresses the following:

CoreAudio (CVE-2010-0036: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2): Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution
CUPS (CVE-2009-3553: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2): A remote attacker may cause an unexpected application termination of cupsd
Flash Player plug-in (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2): Multiple vulnerabilities in Adobe Flash Player plug-in
ImageIO (CVE-2009-2285: Mac OS X v10.5.8, Mac OS X Server v10.5.8): Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Image RAW (CVE-2010-0037: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2): Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution
OpenSSL (CVE-2009-3555: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2): An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL