Apple has released Security Update 2004-05-03 for Mac OS X via the Software Update utility. The update offers several improvements to security, with updates made to AFP Server, CoreFoundation and IPSec. The update includes the improvements implemented with the previous security release. It is available for Jaguar and Panther users as well as for both client and server versions.
- CoreFoundation: Fixes CAN-2004-0428 to improve the handling of an environment variable. Credit to aaron@vtty.com for reporting this issue.
- Apache 2: Fixes CAN-2003-0020, CAN-2004-0113 and CAN-2004-0174 by updating to Apache 2 to version 2.0.49.
- RAdmin: Fixes CAN-2004-0429 to improve the handling of large requests (Jaguar only)
- AppleFileServer: Fixes CAN-2004-0430 to improve the handling of long passwords. Credit to Dave G. from @stake for reporting this issue.
- IPSec: Fixes CAN-2004-0155 and CAN-2004-0403 to improve the security of VPN tunnels. IPSec in Mac OS X is not vulnerable to CAN-2004-0392.