APPLE-SA-2015-04-24-1 OS X Server v4.1

Fabricante: Apple
Fecha: 25/04/2015
Identificador: APPLE-SA-2015-04-24-1
APPLE-SA-2015-04-24-1 OS X Server v4.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-24-1 OS X Server v4.1 OS X Server v4.1 is now available and addresses the following: Dovecot Available for: OS X Yosemite v10.10 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Dovecot. CVE-ID CVE-2014-3566 Firewall Available for: OS X Yosemite v10.10 or later Impact: Custom firewall rules may not be enforced Description: An incorrect path was referenced in the firewall configuration files. This issue was addressed by correcting the path to point to the correct configuration file. CVE-ID CVE-2015-1150 : Phil Schumm of the Research Computing Group, University of Chicago Postfix Available for: OS X Yosemite v10.10 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Postfix. CVE-ID CVE-2014-3566 Wiki Server Available for: OS X Yosemite v10.10 or later Impact: Access controls may not be enforced on mobile devices Description: Access controls for the Activity and People wiki pages were not enforced on iPad clients. This issue was addressed by improving access control verification. CVE-ID CVE-2015-1151 OS X Server v4.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJVOto4AAoJEBcWfLTuOo7tQgAP/j+6Sm5O9t4BMxCcn0Tg69Sp e5IkAioYRWkikHuhPgLXgn9vtwNprKYCqbhxseDAHSxqOFfcSlxf59ncc/Ge8fIS rRCGENY9PDBcfZbeufi6mNfhmPdQ8u+9oc1mgY9kNHrny96TuNzJlrro3qii20S4 Kp/dJjFAD3mYqM+4LeUsk/+zlGC5F13DlRrp7EQBc26MvyEtJfyYiytjK/P3vfmN bgA7n4RypERmogswT8yZwpEBqTn12tNYgwQMHhvleS1w4//TFnmgmPUlEP9OjVl4 5LpxleIhGa5ed/iWEU1vLSJ+hORgZZt0z9Gu51mud5QRMFy2ElySOb+d+QSSrAC6 QVvd5gFHWfQNh7r+GK31ACNLOCxzJ/sAcD7CYWKAm8XrKB+cL4/JUVeeK6ytF2p9 cKyqn1JraGKNJKyJ1QfCQApeaZTzPiOW8LrtIpQTJhuRu0HP0OqdZTBdIEmknGPh xBjx46FrfxoUl6xKCuk59ciwWcHPOgySyWcUaufkIUv9X73/nMz45FXakaHUSvHz cvdHVxJ1hHsCFPn113uXpBBMc46Fj+8a2A/Po6Hkn6a/2kYA6EPLqf9+Zpxjfm1o ImXeYwQuqE4ZxCNV4Ld0/aw8abHk2UbKEpb4Ksbir0pBOc17QhV0PMmSve7qwlbv BGtRTntDKK+qhJ/s12j2 =mqvD -----END PGP SIGNATURE-----