Thursday, November 15, 2007

US-CERT Technical Cyber Security Alert TA07-319A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA07-319A


Apple Updates for Multiple Vulnerabilities

Original release date: November 15, 2007
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X version 10.3.x and 10.4.x
* Apple Mac OS X Server version 10.3.x and 10.4.x

These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.


Overview

Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to
address multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. The most serious of these vulnerabilities may allow a remote
attacker to execute arbitrary code. Attackers may take advantage of
the less serious vulnerabilities to bypass security restrictions or
cause a denial of service.


I. Description

Apple Mac OS X 10.4.11 and Security Update 2007-008 address a number
of vulnerabilities affecting Apple Mac OS X and OS X Server. Further
details are available in the related vulnerability notes.

Several of the fixes included in this update address vulnerabilities
in products from other vendors that ship with Apple OS X or OS X
Server. These products include

* BIND
* bzip2
* Adobe Flash
* MIT Kerberos

Apple Mac OS X 10.4.11 and Security Update 2007-008 address
vulnerabilities for versions 10.3.x and 10.4.x.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include remote execution of arbitrary code or commands, bypass of
security restrictions, and denial of service.


III. Solution

Install updates from Apple

Install Mac OS X 10.4.11 or Apple Security Update 2007-008. This and
other updates are available via Apple Update or via Apple Downloads.


IV. References

* Vulnerability notes for Apple Security Update 2007-008 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_2007_008>

* About the security content of Mac OS X 10.4.11 and Security Update
2007-008 - <http://docs.info.apple.com/article.html?artnum=307041>

* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>

* Apple downloads - <http://www.apple.com/support/downloads/>

* ISC BIND - <http://www.isc.org/sw/bind/>

* bzip2 : Home - <http://www.bzip.org/>

* Adobe - Adobe Flash Player -
<http://www.adobe.com/products/flashplayer/>

* Kerberos: The Network Authentication Protocol -
<http://web.mit.edu/Kerberos/>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-319A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-319A Feedback VU#498105" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

November 15, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRzx7ZvRFkHkM87XOAQJfIQgAmTZfjJAY/QTweUmvZtOJ9JQ4e/Gj0sE9
OPSrK/SplP92WUL1Ucb8I/VUSQEXXJhNv9dTCMcy7IMpqhx4UxPA6fBKWDJ+nUFi
sx/60EOAiIVW+yYK79VdoI1jrSs48E+CNdqEJCQcjUCVi29eGAdW63H2jOZV37/F
4iQBZYRqhiycZ9FS+S+9aRfMhfy8dEOr1UwIElq6X/tSwss1EKFSNrK5ktGifUtB
AJ+LJVBt2yZOIApcGhsxC3LYUDrDfhqGLIVM2XBc1yuV7Y2gaH4g9Txe+fWK79X2
LYHvhv2xtgLweR12YC+0hT60wSdrDTM6ZW0//ny25LZ7Y7D46ogSWQ==
=AgEr
-----END PGP SIGNATURE-----

California Fire News

California Fire News

Link to California Fire News - Structure, Wildland, EMS

Escondido working to repair park used as firefighting command post

Posted: 15 Nov 2007 07:35 AM CST

Escondido working to repair park used as firefighting command post
Turf trampled and torn in Kit Carson Park

By: DAVID GARRICK - Staff Writer
ESCONDIDO -- Many of the grass fields in Kit Carson Park were severely trampled and torn up last month when the 258-acre park served as a campground and command post for 2,000 firefighters who were brought in to help to suppress the devastating wildfires.

City maintenance crews and some volunteers have been scrambling to repair the fields since the park re-opened to the public Nov. 6, but some of the largest fields will have to be re-seeded next month, said Robin Bettin, the city's recreation superintendent.

"The grass is really worn out from the heavy equipment and the human traffic," said Bettin. "All that machinery and 2,000 firefighters really takes its toll."

The park became a small city of its own for nearly two weeks during last month's wildfires, with firefighters eating meals together and waiting to be deployed. The news media swarmed the park Oct. 25 when President Bush shook hands there with dozens of firefighters during a four-hour tour of the region.

The fires scorched 368,316 acres, destroyed 1,751 homes and took the lives of eight people.

The California Department of Forestry and Fire Protection has agreed to reimburse the city more than $82,000 for field damage, excessive electricity use from running the ball field lights around the clock and lost rental fees for some of the park's facilities, said Bettin.

The presence of the firefighters and the resulting damage forced Escondido Pop Warner football to move its games to Ryan Park, and Escondido Youth Baseball canceled the final month of the season for teams scheduled to play at Kit Carson.

Park officials also canceled all tennis leagues because the park's 10 courts needed to be thoroughly washed clean of ash and debris, and the skate park and sports center were closed for several days, said Bettin.

"The high-use areas of the park suffered the most damage, because the wide-open spaces get the most use and that's the kind of areas the firefighters needed for their tents and equipment," said Bettin.

CalFire officials said Monday that they are enormously grateful to the city.

"We very much appreciate that they made the park available to us on such short notice," said Matt Streck, a CalFire spokesman. "Every hour we spent looking for a command post was an hour we were delayed from fighting the fires."

Streck said the park's location in southern Escondido was nearly perfect for firefighters, because it was close enough to the fires to provide easy access but far enough away to be safe.

Streck also said he was not surprised that the price tag for using the park surpassed $80,000.

"A park like that is not set up to deal with the kind of traffic we created," said Streck.

Money from the Federal Emergency Management Agency will cover 75 percent of the Kit Carson costs, said Streck.

Bettin said city officials are pleased their park played a key role in fighting the fires. She also credited labor crews from CalFire for helping to clear brush for three days before the park re-opened.

Bettin said another problem for the grass was that the presence of the firefighters prevented crews from watering it. She said the city is optimistic that the fields will be fully restored by the spring, but she said visual evidence of the fires will probably remain a lot longer.

"It will probably be several months before you can come into the park and not notice anything different from before the fires," she said.

Source: North County Times

Chile - 7.8 magnitude earthquake - CALIFORNIA TSUNAMI ADVISORY

Posted: 14 Nov 2007 10:28 AM CST

BASED ON THE EARTHQUAKE LOCATION - MAGNITUDE AND HISTORIC TSUNAMI
RECORDS
A DAMAGING TSUNAMI IS NOT EXPECTED ALONG
THE CALIFORNIA/ OREGON/ WASHINGTON/ BRITISH COLUMBIA AND ALASKA
COASTS.

IT IS UNLIKELY THAT THE STATES
AND PROVINCES LISTED ABOVE WILL BE UPGRADED TO A WARNING OR WATCH.

THE PACIFIC TSUNAMI WARNING CENTER IN EWA
BEACH HAWAII HAS ISSUED A WARNING FOR OTHER REGIONS IN THE PACIFIC BASIN (Chile, Peru)

...THIS TSUNAMI ADVISORY IS FOR ALASKA/ BRITISH
COLUMBIA/ WASHINGTON/ OREGON AND CALIFORNIA ONLY...

NO - REPEAT NO - WATCH OR WARNING IS IN EFFECT FOR THE
STATES AND PROVINCES LISTED ABOVE.


THIS ADVISORY IS INTENDED TO KEEP RECIPIENTS INFORMED
ABOUT THE PROGRESS OF THIS EVENT.
PLEASE REFER TO THE PTWC MESSAGES POSTED AT http://www.prh.noaa.gov/ptwc/
FOR MORE INFORMATION ABOUT THE WARNING.
Source: http://www.prh.noaa.gov/

CNN.com

News: Breaking News -- MercuryNews.com

AP Top U.S. News At 8:45 p.m.