===================================================================== CERT-Renater Note d'Information No. 2014/VULN195 _____________________________________________________________________ DATE : 18/09/2014 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Mac OS X Mavericks version 10.9.5 or later running Mac OS X Server versions prior to 3.2.1. ====================================================================== http://support.apple.com/kb/HT1222 ______________________________________________________________________ APPLE-SA-2014-09-17-5 OS X Server 3.2.1 OS X Server 3.2.1 is now available and addresses the following: CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries. CVE-ID CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of Ferdowsi University of Mashhad CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: Visiting a maliciously crafted website may lead to the execution of arbitrary JavaScript Description: A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output. CVE-ID CVE-2014-4406 : David Hoyt of Hoyt LLC CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL. This issue was addressed by updating PostgreSQL to version 9.2.7. CVE-ID CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 OS X Server 3.2.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================