APPLE-SA-2014-09-17-5 OS X Server 3.2.1

Posted on 18 September 2014
Apple Security-announce

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of
Ferdowsi University of Mashhad

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: Visiting a maliciously crafted website may lead to the
execution of arbitrary JavaScript
Description: A cross-site scripting issue existed in Xcode Server.
This issue was addressed through improved encoding of HTML output.
CVE-ID
CVE-2014-4406 : David Hoyt of Hoyt LLC

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: Multiple vulnerabilities in PostgreSQL, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PostgreSQL. This
issue was addressed by updating PostgreSQL to version 9.2.7.
CVE-ID
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066


OS X Server 3.2.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
