Security Update 2007-005

Apple has just posted its latest security update. This update addresses a boatload of possible vulnerabilities including a number of core unix utilities as well as iChat and VPN. Without further ado, here's a quick rundown of the fixes and the vulnerabilities:

Alias Manager. Impact: Users may be misled into opening a substituted file

BIND. Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

CoreGraphics. Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

crontabs. Impact: The daily /tmp cleanup script may lead to a denial of service

fetchmail. Impact: fetchmail password disclosure may be possible

file. Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

iChat. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

mDNSResponder. Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

PPP. Impact: A local user may obtain system privileges

ruby. Impact: Denial of service vulnerabilities in the Ruby CGI library

screen. Impact: Multiple denial of service vulnerabilities in GNU Screen

texinfo. Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

VPN. Impact: A local user may obtain system privileges

Thanks Tomasz