====================================================================
                          CERT-Renater

              Information Note No. 2017/VULN089
_____________________________________________________________________

DATE                 : 28/03/2017

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running macOS Server versions prior to 5.3.

=====================================================================
https://lists.apple.com/archives/security-announce/2017/Mar/msg00008.html
____________________________________________________________________

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751

Web Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to cause a denial of service
against the HTTP server via partial HTTP requests
Description: This issue was addressed by adding mod_reqtimeout.
CVE-2007-6750

Wiki Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to enumerate users
Description: An access issue was addressed through improved
permissions checking.
CVE-2017-2382: Maris Kocins of SEMTEXX LTD

Installation note:

macOS Server 5.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41             +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================