
DOE-CIRC INFORMATION BULLETIN

T-013: Mac OS X v10.5.5 and Security Update 2008-006

[HT3137]

October 15, 2008 21:00 GMT

PROBLEM: A heap buffer overflow exists in Apple Type Services' handling of PostScript font names. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution.
PLATFORM: Mac OS X v10.4.11, v10.5 through v10.5.4
Mac OS X Server v10.4.11, v10.5 through v10.5.4
DAMAGE: Execution of arbitrary code.
SOLUTION: Upgrade to the appropriate version.

VULNERABILITY
ASSESSMENT:
The risk is MEDIUM. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution.

CVSS 2 BASE SCORE:      6.8
       TEMPORAL SCORE:  5.6
       VECTOR:          (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-013.shtml
  ORIGINAL BULLETIN: http://support.apple.com/kb/HT3137
  CVE: CVE-2008-0314 CVE-2008-1100 CVE-2008-1382 CVE-2008-1387 CVE-2008-1447 CVE-2008-1483 CVE-2008-1657 CVE-2008-1833 CVE-2008-1835 CVE-2008-1836 CVE-2008-1837 CVE-2008-2305 CVE-2008-2312 CVE-2008-2327 CVE-2008-2329 CVE-2008-2330 CVE-2008-2331 CVE-2008-2332 CVE-2008-2376 CVE-2008-2713 CVE-2008-3215 CVE-2008-3608 CVE-2008-3609 CVE-2008-3610 CVE-2008-3611 CVE-2008-3613 CVE-2008-3614 CVE-2008-3616 CVE-2008-3617 CVE-2008-3618 CVE-2008-3619 CVE-2008-3621 CVE-2008-3622

[***** Start HT3137 *****]

Please visit Apple's Web site to view their
Apple Security Update 2008-006 and Mac OS X 10.5.5

http://support.apple.com/kb/HT3137
[***** End HT3137 *****]

DOE-CIRC wishes to acknowledge the contributions of Apple for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/