=====================================================================
                                  CERT-Renater

                       Information Note No. 2002/VULN355
_____________________________________________________________________

DATE                      : 20/12/2002

HARDWARE PLATFORM(S)      : APPLE

OPERATING SYSTEM(S)       : Mac OS X 10.2.3

======================================================================

APPLE-SA-2002-12-19 Mac OS X 10.2.3

Mac OS X 10.2.3 Software Update is now available.  It contains fixes for the
following potential security issues:

*  fetchmail:  Fixes CAN-2002-1174 and CAN-2002-1175 which could lead
to a potential denial of service when using the fetchmail command-line
tool.
fetchmail is updated to version 6.1.2+IMAP-GSS+SSL+INET6

*  CUPS:  Provides fixes for the following potential issues that could be
exploited remotely when Printer Sharing is enabled.  Printer Sharing is
not enabled by default on Mac OS X or Mac OS X Server.
          CAN-2002-1383:  Multiple Integer Overflows
          CAN-2002-1366:  /etc/cups/certs/ Race Condition
          CAN-2002-1367:  Adding Printers with UDP Packets
          CAN-2002-1368:  Negative Length Memcpy() Calls
          CAN-2002-1384:  Integer Overflows in pdftops Filter and Xpdf
          CAN-2002-1369:  Unsafe Strncat Function Call in jobs.c
          CAN-2002-1370:  Root Certificate Design Flaw
          CAN-2002-1371:  Zero Width Images in filters/image-gif.c
          CAN-2002-1372:  File Descriptor Resource Leaks

In addition, Mac OS X 10.2.3 provides the following enhanced security
features:

*  Random initialization of TCP Timestamp:  This enhancement was submitted
by Aaron Linville through the Darwin open source program.  It prevents a
remote entity from discovering how long a machine has been up based on the
ID in the TCP packets.

*  Disk Utility now provides the option to zero data on the disk, providing
an additional method for securing information.

Mac OS X 10.2.3 Software Update may be obtained from:

    * Software Update pane in System Preferences

       - OR -

    * Apple's Software Downloads web site:
        Updating from Mac OS X 10.2:
          http://www.info.apple.com/kbnum/n120164
          The download file is named:  "MacOSXUpdateCombo10.2.3.dmg"
          Its SHA-1 digest is:  46df611279b9981425be2cff23c3b3ed868d1809

        Updating from Mac OS X 10.2.2:
          http://www.info.apple.com/kbnum/n120165
          The download file is named:  "MacOSXUpdate10.2.3.dmg"
          Its SHA-1 digest is:  a51ed65311ad59879db7e728779e9cd4084057b5

Information will also be posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
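
One way to check a downloaded updater against the two SHA-1 digests listed
above, as an added example that is not part of Apple's or CERT-Renater's
advisory. The function names and exit codes are this example's own; the file
names and digests are the ones given in the advisory.

```shell
#!/bin/sh
# Added example: verify a downloaded Mac OS X 10.2.3 updater against the
# SHA-1 digests published in the advisory (function names are hypothetical).

# Print the published digest for a listed file name; fail for any other name.
expected_digest() {
    case "$(basename "$1")" in
        MacOSXUpdateCombo10.2.3.dmg) echo 46df611279b9981425be2cff23c3b3ed868d1809 ;;
        MacOSXUpdate10.2.3.dmg)      echo a51ed65311ad59879db7e728779e9cd4084057b5 ;;
        *) return 1 ;;
    esac
}

# Print the lowercase hex SHA-1 of a file, using whichever tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 < "$1" | awk '{print $1}'
    else
        openssl dgst -sha1 < "$1" | awk '{print $NF}'
    fi | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 for a file name the advisory does not
# list, 3 when the file cannot be read.
verify_update() {
    file=$1
    want=$(expected_digest "$file") || { echo "unknown file: $file" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 3; }
    got=$(sha1_of "$file")
    if [ "$got" = "$want" ]; then
        echo "OK       $file"
    else
        echo "MISMATCH $file (got $got, expected $want)" >&2
        return 1
    fi
}

# Usage: sh verify.sh MacOSXUpdateCombo10.2.3.dmg
for f in "$@"; do verify_update "$f" || exit $?; done
```

The comparison is only as trustworthy as the copy of the advisory the digests
were read from, so check the advisory's PGP signature before relying on them.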

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
	=========================================================
	+ CERT-RENATER		| tel : 01-53-94-20-44		+
	+ 151 bd de l'Hopital	| fax : 01-53-94-20-41		+
	+ 75013 Paris		| email: certsvp@renater.fr	+
	=========================================================


