Security Update 2004-01-26
Apple today posted Security Update 2004-01-26, which it says delivers a number of security enhancements for Apache 1.3, Classic, Mail, Safari, and Windows File Sharing. Additionally, Security Update 2003-12-19 has been incorporated into this security update.
Update: The enhancements in this release are as follows: AFP Server: Improves AFP over the 2003-12-19 security update.
Apache 1.3: Fixes CAN-2003-0542, a buffer overflow in the mod_alias and mod_rewrite modules of the Apache webserver.
Apache 2: Fixes CAN-2003-0542 and CAN-2003-0789 by updating Apache 2.0.47 to 2.0.48. Installed only on Server systems.
Classic: Fixes CAN-2004-0089 to improve the handling of environment variables.
Mail: Fixes CAN-2004-0085 and CAN-2004-0086 to deliver security enhancements to Apple's mail application.
Safari: Fixes CAN-2004-0092 by delivering security enhancements to the Safari Web browser.
System Configuration: Fixes CAN-2004-0087 and CAN-2004-0088 where the SystemConfiguration subsystem allowed remote non-admin users to change network setting and make configuration changes to configd.
Windows File Sharing: Fixes CAN-2004-0090 where Windows file sharing did not shutdown properly.