=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN456
_____________________________________________________________________

DATE                      : 16/11/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Mac OS X Server versions 10.6.x
                                          up to and including 10.6.5.

======================================================================
http://support.apple.com/kb/HT4452
______________________________________________________________________

APPLE-SA-2010-11-15-1 Mac OS X Server v10.6.5 (10H575)

Mac OS X Server v10.6.5 (10H575) is now available and addresses the
following:

Dovecot
CVE-ID:  CVE-2010-4011
Available for:  Mac OS X Server v10.6 through v10.6.5 (10H574)
Impact:  A user may receive mail intended for other users
Description:  A memory aliasing issue in Dovecot's handling of user
names exists in Mac OS X Server v10.6.5 (10H574). On systems
configured with Dovecot as a mail server, a user may receive mail
that was intended for other users. This issue is addressed through
improved memory management. Dovecot is only provided with Mac OS X
Server systems. This issue only affects systems running Mac OS X
Server v10.6.5 (10H574). This issue does not affect the Dovecot open
source project.


Mac OS X Server v10.6.5 (10H575) may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6.4 - v 10.6.5 (10H574)
The download file is named: MacOSXServerUpd10.6.5.dmg
Its SHA-1 digest is: 0688ed0f2b17e3fdce3147d442dcd4beb5ffc002

For Mac OS X v10.6 - v10.6.3
The download file is named: MacOSXServerUpdCombo10.6.5.dmg
Its SHA-1 digest is: f3d57085b455c4830e7b5e97ea63b0a81722e5f3

The build number after installing this update is 10H575 or later.

Mac OS X Server v10.6.5 (10H575) contains all security fixes
released in Mac OS X Server v10.6.5 (10H574) on November 10, 2010.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================