Security Update 2004-02-23

Apple has posted download versions of its Security Update 2004-02-23, which was released yesterday evening via the Mac OS X Software Software Update. The also included an update to QuickTime Streaming Server. Apple provided a full listing of the security fixes.

Apple said the following fixes are incorporated into the security updates.

• CoreFoundation: Fixes CAN-2004-0168 to improve notification
  logging. Credit to aaron@vtty.com for reporting this issue.




• DiskArbitration: Fixes CAN-2004-0167 to more securely handle the
  initialization of writeable removable media. Credit to
  aaron@vtty.com for reporting this issue.




• IPSec: Fixes CAN-2004-0164 to improve checking in key exchange




• Point-to-Point-Protocol: Fixes CAN-2004-0165 to improve the
  handling of error messages. Credit to Dave G. of @stake and
  Justin Tibbs of Secure Network Operations (SRT) for reporting
  this issue.




• QuickTime Streaming Server: Fixes CAN-2004-0169 to improve
  checking of request data. Credit to iDEFENSE Labs for
  reporting this issue. Streaming Server updates for other
  platforms are available from [Apple's Website]





• Safari: Fixes CAN-2004-0166 to improve the display of URLs in the
  status bar




• tcpdump: Fixes CAN-2003-0989, CAN-2004-0055, and CAN-2004-0057 by
  updating tcpdump to version 3.8.1 and libpcap to version 0.8.1

by MacNN Staff