Home / mailings

PDF

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

Posted on 18 September 2014
Apple Security-announce

--===============0455385419==
Content-type: multipart/signed;
boundary="Apple-Mail=_39F16255-4FB9-46C0-984D-74E9FFAEFFC2";
protocol="application/pgp-signature"; micalg=pgp-sha1


--Apple-Mail=_39F16255-4FB9-46C0-984D-74E9FFAEFFC2
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of
Ferdowsi University of Mashhad

OS X Server 2.2.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP