Apple on Tuesday posted Security Update 2005-005, a patch intended for Mac OS X v10.3.9 and Mac OS X Server v10.3.9. The software is available for download through the Software Update system preference and from Apple’s Web site.
The new security update contains updates to the following components and others:
Apache
Apple has corrected a buffer overflow problem in htdigest that result in a remote system compromise.
AppKit
Apple has posted fixes for AppKit associated with malformed TIFF images.
AppleScript
A fix has been made for the way that AppleScript’s URI mechanism displays code.
Bluetooth
This update makes changes to how Bluetooth file exchange is handled in order to improve security. It also enhances filtering for path-delimiting characters.
Finder
The Finder has been updated with improved handling of .DS_Store files.
Help Viewer
Help Viewer could be used to run Javascript without the normally imposed restrictions; this update corrects that.
Terminal
Malicious content could inject data when displayed in a Terminal session. The issue has been corrected.
VPN
A buffer overflow in “vpnd” could be used by a local user to obtain root privileges if the system is configured as a VPN server. This update prevents the buffer overflow from occurring.
More details about all these and the other changes made in this release can be read at Apple’s Web site.