Apple Patches Security Hole in Mac OS X Server 10.6.5

Apple on Monday issued a new version of Mac OS X 10.6.5 Server, superseding the update that was released last week. The new build, 10H575, contains a security patch not included in the earlier build, 10H574, and is recommended for all users who installed the earlier version.

The security issue involves a bug in the Dovecot mail server that could result in a user receiving mail intended for other users. Apple has implemented improved memory management to patch the hole, which affects only users on the 10H574 build.

Some users complained of other problems with the original release of Mac OS X 10.6.5 Server, including bugs with the LDAP directory service; it's unknown whether or not the new build fixes those issues.

Those who need to update to the new version can do so either via Software Update or via Apple's support downloads page, as an 858.02MB update or a 1.12GB combo updater that also incorporates previous fixes. The full list of changes can be found below.

Chat Service

* Fixes an issue that could prevent Chat Service from starting after a system update.

* Chat Service now responds correctly if the server hostname is changed.

Client Management

* Provides the ability to manage IPP print queues.

* Enables management of iChat preferences, using the com.apple.iChat preference manifest.

* Enables management of iCal preferences, using the com.apple.iCal preference manifest.

* Supports creation of an external account with a home directory on a FAT32 filesystem.

* Fixes an issue that could cause a user with a mobile account to use a network home directory instead of their portable home directory.

* Addresses an issue that could prevent managed preferences from being applied when a user logs in on a workstation that has been idle.

* Fixes an issue that could prevent administrators from bypassing client management settings on a workstation.

Directory Services

* Improves the reliability of Directory Services, fixing issues that could prevent users from authenticating, or cause other services to stop responding.

* Improves reliability of Open Directory and Password Server replication.

* Administrators can now import user records that contain a period in the user's short name.

* Fixes the ldapstarttls function.

Mail Service

* Eliminates extraneous "user exists more than once" message from Mail Service in system.log.

Podcast Service

* Improves Podcast Producer set up when bound to Active Directory.

* Enables Active Directory users to publish podcasts to the Wiki Service.

* Fixes an issue that could cause podcast audio and video to get out of sync.

* Improves reliability of connection to remote cameras.

* Improves reliability of the Podcast Capture Web Application.

* Podcast Capture will now only ask once about storing a password in keychain.

Software Update Service

* Software Update Service now properly allows administrators to host older updates (such as Mac OS X v10.6.4) after a superseding update (such as 10.6.5) is released.

Web Service

* Updates PHP to version 5.3.3.

Wiki Service and Web Calendar

* Improves Wiki Service performance.

* Improves auto-completion of invitee names on Web Calendar.

* Improves delivery of wiki mailing list messages to addresses that contain a "/" character.

Xsan

* Improves reliability of fibre channel connections, resolving a potential Xsan volume availability problem.

Server Admin

* When setting up a remote server, Server Admin will now reliably launch Server Assistant.

* Adds NetBoot/NetInstall model filters for Mac mini (Mid 2010), iMac (Mid 2010), Mac Pro (Mid 2010) and MacBook Air (Late 2010).

* When creating a DHCP Subnet in Server Admin, the field for DNS Search Domain now accepts the dash (-) character.

* Reduces memory usage when monitoring print queues in Server Admin.

System Image Utility

* Adds NetBoot/NetInstall model filters for Mac mini (Mid 2010), iMac (Mid 2010), Mac Pro (Mid 2010) and MacBook Air (Late 2010).

* Fixes the "Apply System Configuration Settings" custom workflow.
