Apple posts Security Update 2005-005 for Panther

Apple on Tuesday posted Security Update 2005-005, a patch intended for Mac OS X v10.3.9 and Mac OS X Server v10.3.9. The software is available for download through the Software Update system preference and from Apple's Web site.

The new security update contains updates to the following components and others:

Apache

Apple has corrected a buffer overflow problem in htdigest that result in a remote system compromise.

AppKit

Apple has posted fixes for AppKit associated with malformed TIFF images.

AppleScript

A fix has been made for the way that AppleScript's URI mechanism displays code.

Bluetooth

This update makes changes to how Bluetooth file exchange is handled in order to improve security. It also enhances filtering for path-delimiting characters.

Finder

The Finder has been updated with improved handling of .DS_Store files.

Help Viewer

Help Viewer could be used to run Javascript without the normally imposed restrictions; this update corrects that.

Terminal

Malicious content could inject data when displayed in a Terminal session. The issue has been corrected.

VPN

A buffer overflow in "vpnd" could be used by a local user to obtain root privileges if the system is configured as a VPN server. This update prevents the buffer overflow from occurring.

More details about all these and the other changes made in this release can be read at Apple's Web site.