Jump to: navigation, search
UPDATE: This works fine with OS X Yosemite 10.10. Update for El Capitan¶ UPDATE: In order to make the plist changes, you will need to disable rootless. Please see this article on rootless and boot-args. Ssh-agent (from homebrew) is not working currently. This may (or may not) get fixed for the release. « Why can’t email be secure? Mac OS X frontend for OpenSSH's sftp/scp tools. Fugu is a graphical frontend for the text-based Secure File Transfer Protocol (SFTP) client that ships with Mac OS X. SFTP is similar to FTP, but the entire session is encrypted, meaning nothing, including passwords, is sent in the clear.
- 3How do I create a SSH key pair?
What is a SSH key?
SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.
The standard ssh2 file format (seehttp://www.openssh.org/txt/draft-ietf-secsh-publickeyfile-02.txt)looks like this:
However, Moodle uses OpenSSH on its server and this key will not work with the OpenSSH server in this format; OpenSSH requires the key to be in OpenSSH format. Here is an example of a DSA public key in OpenSSH format (usually they are all in one line):
In addition to OpenSSH and Standard SSH formats there are a variety of proprietary formats as well as SSH1 and SSH2 differences to account for, which can make this confusing.
In the example above you will note that the key starts with 'ssh-dss'. This is because this key was generated using DSA as opposed to RSA. A number of vendors in the SSH arena have argued, as per the PuTTY documentation that can be found at http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.2.10 that users should employ RSA encryption because
An SSH2 public key in OpenSSH format will start with 'ssh-rsa'.
The idea behind all of this is that once you have keys on the remote server and your local host, access will be simpler since the server will only grant access to someone who has the matching private key.
Why do I need a SSH key?
Our CVS server uses OpenSSH, so if you are a Moodle developer and you want to make your logins easier (by avoiding typing in your password all the time) then you will need to submit public key in Openssh format via the 'Update my developer information' tab at http://moodle.org/cvs.
How do I create a SSH key pair?
Eclipse
If you plan to use Eclipse for development, please refer to the Eclipse document https://docs.moodle.org/en/Eclipse as Eclipse now has a plugin that allows you to manage all ssh key matters from within Eclipse.
Unix/Linux
You can use ssh-keygen at your system prompt. Please consult the man page on your system for the options available to you.
- Run: ssh-keygen -t (rsa or dsa). This will not include a passphrase. *
- Use of rsa or dsa above will result in rsa or dsa replacing each XXX below.
- Look in your ~/.ssh directory (or wherever you saved the output). You'll find id_XXX (private) and id_XXX.pub (public).
- Cut and paste the contents of id_XXX.pub into your developer profile on http://moodle.org/cvs
- Put the private key wherever you will be calling CVS from (in your .ssh directory, for example). Make sure it's secure!
- This section initially recommended using ssh-keygen -d but it is unclear what the source of this -d option might be.
![Openssh For Mac Os X Openssh For Mac Os X](/uploads/1/2/9/4/129461111/475312112.png)
Windows
Use puttygen and follow the instructions here. Make sure you choose the RSA2 key format and that when you copy the key data into the textbox on the site, that you have all of the characters on one line. If you have opened the key with word pad, it will have line breaks in it which will stop it from working.
The box should look like this:
Mac OS X
If you have an existing key in Putty format, open it in puttygen on windows and then choose conversions and export as openssh format. You can then import the key into OS X using
The -K flag is optional and stores your passphrase in the keychain ssh-add documentation
Retrieved from 'https://docs.moodle.org/dev/index.php?title=SSH_key&oldid=30936'
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
![For For](/uploads/1/2/9/4/129461111/366056237.jpg)
OS X El Capitan v10.11
- Address BookAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker may be able to inject arbitrary code to processes loading the Address Book frameworkDescription: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling.CVE-IDCVE-2015-5897 : Dan Bastone of Gotham Digital Science
- AirScanAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connectionDescription: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks.CVE-IDCVE-2015-5853 : an anonymous researcher
- apache_mod_phpAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in PHPDescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27.CVE-IDCVE-2014-9425CVE-2014-9427CVE-2014-9652CVE-2014-9705CVE-2014-9709CVE-2015-0231CVE-2015-0232CVE-2015-0235CVE-2015-0273CVE-2015-1351CVE-2015-1352CVE-2015-2301CVE-2015-2305CVE-2015-2331CVE-2015-2348CVE-2015-2783CVE-2015-2787CVE-2015-3329CVE-2015-3330
- Apple Online Store KitAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application may gain access to a user's keychain itemsDescription: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks.CVE-IDCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University
- AppleEventsAvailable for: Mac OS X v10.6.8 and laterImpact: A user connected through screen sharing can send Apple Events to a local user's sessionDescription: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling.CVE-IDCVE-2015-5849 : Jack Lawrence (@_jackhl)
- AudioAvailable for: Mac OS X v10.6.8 and laterImpact: Playing a malicious audio file may lead to an unexpected application terminationDescription: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling.CVE-IDCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
- bashAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in bashDescription: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57.CVE-IDCVE-2014-6277CVE-2014-7186CVE-2014-7187
- Certificate Trust PolicyAvailable for: Mac OS X v10.6.8 and laterImpact: Update to the certificate trust policyDescription: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/HT202858.
- CFNetwork CookiesAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker in a privileged network position can track a user's activityDescription: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation.CVE-IDCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
- CFNetwork FTPProtocolAvailable for: Mac OS X v10.6.8 and laterImpact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hostsDescription: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation.CVE-IDCVE-2015-5912 : Amit Klein
- CFNetwork HTTPProtocolAvailable for: Mac OS X v10.6.8 and laterImpact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive dataDescription: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing.CVE-IDCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
- CFNetwork HTTPProtocolAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker with a privileged network position may be able to intercept network trafficDescription: An issue existed in the handling of HSTS preload list entries in Safari private browsing mode. This issue was addressed through improved state handling.CVE-IDCVE-2015-5859 : Rosario Giustolisi of University of Luxembourg
- CFNetwork HTTPProtocolAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious website may be able to track users in Safari private browsing modeDescription: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling.CVE-IDCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
- CFNetwork ProxiesAvailable for: Mac OS X v10.6.8 and laterImpact: Connecting to a malicious web proxy may set malicious cookies for a websiteDescription: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response.CVE-IDCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
- CFNetwork SSLAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker with a privileged network position may intercept SSL/TLS connectionsDescription: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation.CVE-IDCVE-2015-5824 : Timothy J. Wood of The Omni Group
- CFNetwork SSLAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker may be able to decrypt data protected by SSLDescription: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.
- CoreCryptoAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker may be able to determine a private keyDescription: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
- CoreTextAvailable for: Mac OS X v10.6.8 and laterImpact: Processing a maliciously crafted font file may lead to arbitrary code executionDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.CVE-IDCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
- Dev ToolsAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application may be able to execute arbitrary code with system privilegesDescription: A memory corruption issue existed in dyld. This was addressed through improved memory handling.CVE-IDCVE-2015-5876 : beist of grayhash
- Dev ToolsAvailable for: Mac OS X v10.6.8 and laterImpact: An application may be able to bypass code signingDescription: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-5839 : @PanguTeam
- Disk ImagesAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with system privilegesDescription: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling.CVE-IDCVE-2015-5847 : Filippo Bigarella, Luca Todesco
- dyldAvailable for: Mac OS X v10.6.8 and laterImpact: An application may be able to bypass code signingDescription: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-5839 : TaiG Jailbreak Team
- EFIAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application can prevent some systems from bootingDescription: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range.CVE-IDCVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
- EFIAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashingDescription: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates.CVE-IDCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
- FinderAvailable for: Mac OS X v10.6.8 and laterImpact: The 'Secure Empty Trash' feature may not securely delete files placed in the TrashDescription: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the 'Secure Empty Trash' option.CVE-IDCVE-2015-5901 : Apple
- Game CenterAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious Game Center application may be able to access a player's email addressDescription: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions.CVE-IDCVE-2015-5855 : Nasser Alnasser
- HeimdalAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker may be able to replay Kerberos credentials to the SMB serverDescription: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials.CVE-IDCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China
- ICUAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in ICUDescription: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1.CVE-IDCVE-2014-8146 : Marc DeslauriersCVE-2014-8147 : Marc DeslauriersCVE-2015-5922 : Mark Brand of Google Project Zero
- Install Framework LegacyAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to gain root privilegesDescription: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable.CVE-IDCVE-2015-5888 : Apple
- Intel Graphics DriverAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with system privilegesDescription: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling.CVE-IDCVE-2015-5830 : Yuki MIZUNO (@mzyy94)CVE-2015-5877 : Camillus Gerard Cai
- IOAudioFamilyAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to determine kernel memory layoutDescription: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers.CVE-IDCVE-2015-5864 : Luca Todesco
- IOGraphicsAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with kernel privilegesDescription: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.CVE-IDSign in to www.office.com from a web browser and start using the apps on the web or access other web services associated with your account such as OneDrive. How you sign in to an installed Office app depends on your device. Microsoft access 2013 free download - Actual ODBC Driver for Access, Playback, MDB Explorer, and many more programs. Start quickly with the most recent versions of Word, Excel, PowerPoint, Outlook, OneNote and OneDrive —combining the familiarity of Office and the unique Mac features you love. Work online or offline, on your own or with others in real time—whatever works for what you’re doing.Microsoft office 2013 for mac free download - Microsoft Office 2011, Microsoft Office 2008 update, Microsoft Office 2016 Preview, and many more programs.CVE-2015-5871 : Ilja van Sprundel of IOActiveCVE-2015-5872 : Ilja van Sprundel of IOActiveCVE-2015-5873 : Ilja van Sprundel of IOActiveCVE-2015-5890 : Ilja van Sprundel of IOActive
- IOGraphicsAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application may be able to determine kernel memory layoutDescription: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.CVE-IDCVE-2015-5865 : Luca Todesco
- IOHIDFamilyAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application may be able to execute arbitrary code with system privilegesDescription: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling.CVE-IDCVE-2015-5866 : AppleCVE-2015-5867 : moony li of Trend Micro
- IOStorageFamilyAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker may be able to read kernel memoryDescription: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling.CVE-IDCVE-2015-5863 : Ilja van Sprundel of IOActive
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with kernel privilegesDescription: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling.CVE-IDCVE-2015-5868 : Cererdlong of Alibaba Mobile Security TeamCVE-2015-5896 : Maxime Villard of m00nbsdCVE-2015-5903 : CESG
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local process can modify other processes without entitlement checksDescription: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks.CVE-IDCVE-2015-5882 : Pedro Vilaça, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker may control the value of stack cookiesDescription: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies.CVE-IDCVE-2013-3951 : Stefan Esser
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence numberDescription: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation.CVE-IDCVE-2015-5879 : Jonathan Looney
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker in a local LAN segment may disable IPv6 routingDescription: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit.CVE-IDCVE-2015-5869 : Dennis Spindel Ljungmark
Openssh Server Mac Os X
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to determine kernel memory layoutDescription: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures.CVE-IDCVE-2015-5842 : beist of grayhash
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to determine kernel memory layoutDescription: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces.CVE-IDCVE-2015-5870 : Apple
- KernelAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to cause a system denial of serviceDescription: A state management issue existed in debugging functionality. This issue was addressed through improved validation.CVE-IDCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
- libcAvailable for: Mac OS X v10.6.8 and laterImpact: A remote attacker may be able to cause arbitrary code executionDescription: A memory corruption issue existed in the fflush function. This issue was addressed through improved memory handling.CVE-IDCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation
- libpthreadAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with kernel privilegesDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.CVE-IDCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
- libxpcAvailable for: Mac OS X v10.6.8 and laterImpact: Many SSH connections could cause a denial of serviceDescription: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40.CVE-IDCVE-2015-5881 : Apple
- Login WindowAvailable for: Mac OS X v10.6.8 and laterImpact: The screen lock may not engage after the specified time periodDescription: An issue existed with captured display locking. The issue was addressed through improved lock handling.CVE-IDCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and Jon Hall of Asynchrony
- lukemftpdAvailable for: Mac OS X v10.6.8 and laterImpact: A remote attacker may be able to deny service to the FTP serverDescription: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation.CVE-IDCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
- MailAvailable for: Mac OS X v10.6.8 and laterImpact: Printing an email may leak sensitive user informationDescription: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement.CVE-IDCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners
- MailAvailable for: Mac OS X v10.6.8 and laterImpact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail DropDescription: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail.CVE-IDCVE-2015-5884 : John McCombs of Integrated Mapping Ltd
- Multipeer ConnectivityAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker may be able to observe unprotected multipeer dataDescription: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption.CVE-IDCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
- NetworkExtensionAvailable for: Mac OS X v10.6.8 and laterImpact: A malicious application may be able to determine kernel memory layoutDescription: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization.CVE-IDCVE-2015-5831 : Maxime Villard of m00nbsd
- NotesAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to leak sensitive user informationDescription: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation.CVE-IDCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
- NotesAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to leak sensitive user informationDescription: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation.CVE-IDCVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
- OpenSSHAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in OpenSSHDescription: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9.CVE-IDCVE-2014-2532
- OpenSSLAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in OpenSSLDescription: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg.CVE-IDCVE-2015-0286CVE-2015-0287
- procmailAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in procmailDescription: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail.CVE-IDCVE-2014-3618
- remote_cmdsAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with root privilegesDescription: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary.CVE-IDCVE-2015-5889 : Philip Pettersson
- removefileAvailable for: Mac OS X v10.6.8 and laterImpact: Processing malicious data may lead to unexpected application terminationDescription: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines.CVE-IDCVE-2015-5840 : an anonymous researcher
- RubyAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in RubyDescription: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645.CVE-IDCVE-2014-8080CVE-2014-8090CVE-2015-1855
- SecurityAvailable for: Mac OS X v10.6.8 and laterImpact: The lock state of the keychain may be incorrectly displayed to the userDescription: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management.CVE-IDCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple
- SecurityAvailable for: Mac OS X v10.6.8 and laterImpact: A trust evaluation configured to require revocation checking may succeed even if revocation checking failsDescription: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.CVE-IDCVE-2015-5894 : Hannes Oud of kWallet GmbH
Mac Ssh
- SecurityAvailable for: Mac OS X v10.6.8 and laterImpact: A remote server may prompt for a certificate before identifying itselfDescription: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first.CVE-IDCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
- SMBAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to execute arbitrary code with kernel privilegesDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.CVE-IDCVE-2015-5891 : Ilja van Sprundel of IOActive
- SMBAvailable for: Mac OS X v10.6.8 and laterImpact: A local user may be able to determine kernel memory layoutDescription: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-5893 : Ilja van Sprundel of IOActive
- SQLiteAvailable for: Mac OS X v10.6.8 and laterImpact: Multiple vulnerabilities in SQLite v3.8.5Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2.CVE-IDCVE-2015-3414CVE-2015-3415CVE-2015-3416
- TelephonyAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker can place phone calls without the user's knowledge when using ContinuityDescription: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks.CVE-IDCVE-2015-3785 : Dan Bastone of Gotham Digital Science
- TerminalAvailable for: Mac OS X v10.6.8 and laterImpact: Maliciously crafted text could mislead the user in TerminalDescription: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal.CVE-IDCVE-2015-5883 : Lukas Schauer (@lukas2511)
- tidyAvailable for: Mac OS X v10.6.8 and laterImpact: Visiting a maliciously crafted website may lead to arbitrary code executionDescription: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling.CVE-IDCVE-2015-5522 : Fernando Muñoz of NULLGroup.comCVE-2015-5523 : Fernando Muñoz of NULLGroup.com
Mac Os Ssh Server
- Time MachineAvailable for: Mac OS X v10.6.8 and laterImpact: A local attacker may gain access to keychain itemsDescription: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups.CVE-IDCVE-2015-5854 : Jonas Magazinius of Assured AB
Mac Install Ssh
Note: OS X El Capitan v10.11 includes the security content of Safari 9.