
APPLE-SA-2014-10-16-4 OS X Server v3.2.2

Posted on 17 October 2014
Apple Security-announce

OS X Server v3.2.2 is now available and addresses the following:

Server
Available for: OS X Mavericks v10.9.5 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
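
One way to confirm that a service no longer negotiates SSL 3.0 after the update, shown as an added example that is not part of Apple's advisory: send a bare SSL 3.0 ClientHello offering CBC suites and classify the first bytes the server returns. The function names, the suite list and the default port 443 are assumptions made for this illustration.

```python
import os
import socket
import struct

SSL3 = (3, 0)
# CBC suites a client may offer over SSL 3.0 (RSA with AES-128, AES-256, 3DES).
CBC_SUITES = (0x002F, 0x0035, 0x000A)

def build_client_hello(random_bytes=None):
    """Return one SSL 3.0 record holding a ClientHello (SSL 3.0 has no extensions)."""
    rnd = random_bytes or os.urandom(32)             # must be 32 bytes
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (bytes(SSL3) + rnd + b"\x00"              # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + bytes(SSL3) + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Map the server's first bytes to 'refused', 'accepted' or 'unexpected'."""
    if len(data) < 5:
        return "refused"                             # closed without answering
    if data[0] == 0x15:
        return "refused"                             # alert record, e.g. handshake_failure
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: the chosen version follows the 4-byte handshake header
        return "accepted" if tuple(data[9:11]) == SSL3 else "unexpected"
    return "unexpected"                              # not an SSL/TLS handshake reply

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_client_hello())
            return classify_reply(sock.recv(4096))
        except ConnectionResetError:
            return "refused"                         # reset instead of an alert
```

A result of "accepted" means the service still completes an SSL 3.0 hello and the downgrade described above remains possible against it.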


OS X Server v3.2.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
