This document describes the security content of Mac OS X 10.4.2, which can be downloaded and installed using Software Update, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
CVE-ID: CAN-2005-2194
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: A specially crafted TCP/IP packet can cause a denial of service.
Description: A specially crafted TCP/IP packet can cause the kernel to panic due to a null pointer dereference, requiring a reboot. Multiple conditions are required to trigger this problem. The common practice of filtering source-routed and loose source-routed packets on network infrastructure, ingress routers, and firewalls can prevent systems from being affected. This issue does not affect previous releases of Mac OS X. Credit to Julian Y. Koh and colleagues of Northwestern University for reporting this issue.
CVE-ID: CAN-2005-1474
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact: Users may install widgets that override Apple-supplied widgets.
Description: Dashboard is distributed with Apple-supplied widgets, and users have the ability to add new ones. It is possible for a user to install a new widget with the same internal identifier as an Apple-supplied widget. If this occurs, the newly installed widget will run in place of the system widget. It may not be clear to users that they are running a widget that they installed rather than the Apple-supplied one. This update addresses the issue by alerting users if they try to install widgets that would cause this sort of conflict. This issue does not affect previous releases of Mac OS X.