--- begin forwarded text
Status: RO
Delivered-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
From: Fearghas McKay <[EMAIL PROTECTED]>
Subject: [Mac_crypto] "Security Update 2002-08-02 for OpenSSL, Sun RPC,
mod_ssl" does
not verify
Sender: [EMAIL PROTECTED]
Date: Sat, 3 Aug 2002 08:38:50 +0100
**A verification of this security announcement mail fails**
The key is signed by Vinnie Moscaritolo - [EMAIL PROTECTED] which is a good
thing even if Vinnie is no longer at Apple ( which is a bad thing ), it is
also signed by someone who does not appear on any of the public keyservers
that I can find which is a bit disappointing.
Verified version is at the bottom.
f
--- begin forwarded text
Subject: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl
From: Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.8
List-Unsubscribe:
<http://www.lists.apple.com/mailman/listinfo/security-announce>,
<mailto:[EMAIL PROTECTED]?subject=unsubscribe>
List-Id: Product security notifications and announcements from Apple
<security-announce.lists.apple.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]?subject=help>
List-Subscribe:
<http://www.lists.apple.com/mailman/listinfo/security-announce>,
<mailto:[EMAIL PROTECTED]?subject=subscribe>
List-Archive: <http://www.lists.apple.com/archives/security-announce/>
Date: Fri, 2 Aug 2002 15:45:34 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Security Update 2002-08-02 is now available. It contains fixes for
recent
vulnerabilities in:
OpenSSL: Fixes security vulnerabilities CAN-2002-0656,
CAN-2002-0657,
CAN-2002-0655, and CAN-2002-0659. Details are available via:
http://www.cert.org/advisories/CA-2002-23.html
mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the
mod_ssl Apache module. Details are available via:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR
decoder.
Details are available via:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Affected systems: Mac OS X client and Mac OS X Server
Note: Mac OS X client is configured by default to have these services
turned
off, and is only vulnerable if the user has enabled network services
which rely
on the affected components. It is still recommended for Mac OS X
client users
to apply this security update to their system.
System requirements: Mac OS X 10.1.5
Security Update 2002-08-02 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://docs.info.apple.com/article.html?artnum=120139
SSL server:
https://depot.info.apple.com/security/129403bc5e184e3b7367.html
To help verify the integrity of Security Update 2002-08-02 from the
Software Downloads web site:
The download file is titled: SecurityUpd2002-08-02.dmg
Its SHA-1 digest is: 54f6eebe0398181db8f1129403bc5e184e3b7367
Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQEVAwUBPUsLOiFlYNdE6F9oAQGAigf+JV+lazuko1g4oZSNFTd2puXCtOGQ0M8c
2cZ/BdaEBA8jLGrPkhWuvmMwpN9z6G9chnN8s9EXiavcBG5e/ejtTo3ZHoOGP7bg
789zLQLK2JTB75nc0fNyx2CdfHlEIM00v8c2jXySLlnqF+kzwqVnjUL7i2O97Fk5
tWXLc2dWK2Nf2SUk0/yLgfjceZKEPCPXTpuKYuah/w9NwzL+LsbPcfXA/H1f4ngc
vRPc2sn2HYu9IJw/BrMEsDlS8IWHf6ozXdZ9qaVCVRrZlsd9gSSmB2Jba4be/MRX
FauTTepMF9+JfCkx+2wtpwWhBcXoJnjwIZXOXwbbRjqXHmzzgu8D/Q==
=fdGO
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | [EMAIL PROTECTED]
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
--- end forwarded text
Verified version with verification failure
---
Subject: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl
From: Product Security <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.8
List-Unsubscribe:
<http://www.lists.apple.com/mailman/listinfo/security-announce>,
<mailto:[EMAIL PROTECTED]?subject=unsubscribe>
List-Id: Product security notifications and announcements from Apple
<security-announce.lists.apple.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]?subject=help>
List-Subscribe:
<http://www.lists.apple.com/mailman/listinfo/security-announce>,
<mailto:[EMAIL PROTECTED]?subject=subscribe>
List-Archive: <http://www.lists.apple.com/archives/security-announce/>
Date: Fri, 2 Aug 2002 15:45:34 -0700
*** PGP SIGNATURE VERIFICATION ***
*** Status: Bad Signature
*** Alert: Signature did not verify. Message has been altered.
*** Signer: Apple Product Security <[EMAIL PROTECTED]> (0x44E85F68)
*** Signed: 08/02/2002 11:44:10 PM
*** Verified: 08/03/2002 08:34:01 AM
*** BEGIN PGP VERIFIED MESSAGE ***
Security Update 2002-08-02 is now available. It contains fixes for
recent
vulnerabilities in:
OpenSSL: Fixes security vulnerabilities CAN-2002-0656,
CAN-2002-0657,
CAN-2002-0655, and CAN-2002-0659. Details are available via:
http://www.cert.org/advisories/CA-2002-23.html
mod_ssl: Fixes CAN-2002-0653, an off-by-one buffer overflow in the
mod_ssl Apache module. Details are available via:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Sun RPC: Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR
decoder.
Details are available via:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Affected systems: Mac OS X client and Mac OS X Server
Note: Mac OS X client is configured by default to have these services
turned
off, and is only vulnerable if the user has enabled network services
which rely
on the affected components. It is still recommended for Mac OS X
client users
to apply this security update to their system.
System requirements: Mac OS X 10.1.5
Security Update 2002-08-02 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://docs.info.apple.com/article.html?artnum=120139
SSL server:
https://depot.info.apple.com/security/129403bc5e184e3b7367.html
To help verify the integrity of Security Update 2002-08-02 from the
Software Downloads web site:
The download file is titled: SecurityUpd2002-08-02.dmg
Its SHA-1 digest is: 54f6eebe0398181db8f1129403bc5e184e3b7367
Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
*** END PGP VERIFIED MESSAGE ***
_______________________________________________
security-announce mailing list | [EMAIL PROTECTED]
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
---
_______________________________________________
mac_crypto mailing list
[EMAIL PROTECTED]
http://www.vmeng.com/mailman/listinfo/mac_crypto
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
