-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-12-19 Security Update 2003-12-19 for Panther

Security Update 2003-12-19 for Panther is available for Mac OS X 10.3.2 and Mac OS X Server 10.3.2. It contains security enhancements for the following:

AppleFileServer: Fixes CAN-2003-1007 to improve the handling of malformed requests.

ASN.1 Decoding for PKI: Fixes CAN-2003-1005 which could cause a potential denial of service when receiving malformed ASN.1 sequences. This is related but separate from CAN-2003-0851.

cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in the filesystem utility cd9660.util. Credit to KF of Secure Network Operations for reporting this issue.

Directory Services: Fixes CAN-2003-1009. The default settings are changed to prevent an inadvertent connection in the event of a malicious DHCP server on the computer's local subnet. Further information is provided in Apple's Knowledge Base article: http://docs.info.apple.com/article.html?artnum=32478 Credit to William A. Carrel for reporting this issue.

fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that improve its stability when receiving malformed messages.

fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to prevent a local privilege escalation vulnerability. This tool is used to collect system performance information and requires admin privileges to run. Credit to Dave G. of @stake for reporting this issue.

rsync: Fixes CAN-2003-0962 by improving the security of the rsync server.

Screen Saver: Fixes CAN-2003-1008. When the Screen Saver login window is present, it is no longer possible to write a text clipping to the desktop or an application. Credit to Benjamin Kelly for reporting this issue.

System initialization: Fixes CAN-2003-1011. The system initialization process has been improved to restrict root access on a system that uses a USB keyboard.

================================================

Security Update 2003-12-19 for Panther may be obtained from:

  * Software Update pane in System Preferences

  * Apple's Software Downloads web site:
    http://www.info.apple.com/kbnum/n120292

    The download file is named: "SecurityUpd2003-12-19.dmg"
    Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/security_pgp.html