Apple Security Update 2008-007
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Products Affected
Security, Mac OS X 10.4.11, Mac OS X 10.5.5
Security Update 2008-007
Apache
CVE-ID: CVE-2007-6420, CVE-2008-1678, CVE-2008-2364
Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5
Impact: Multiple vulnerabilities in Apache 2.2.8
Description: Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross site request forgery. Apache version 2 is not bundled with Mac OS X Client systems prior to version 10.5. Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default. Further information is available via the Apache web site at http://httpd.apache.org/
Certificates
Impact: Root certificates have been updated
Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
System requirements:
Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5
System support:
PPC/Intel
For more information, visit:
http://support.apple.com/kb/HT3216
| 
| 
| 
| 
| 
| 
| 
|
|
|
|
| |