The fix corrects occasions when viewing certain Tagged Image File Format (TIFF) images could cause in an application crash or arbitrary code execution. The system now will further validate such images to ensure they are not malformed.
The update also ensures users searching in the Apple Filing Protocol (AFP) server can only view files and folders to which they have authorized access.
In addition, a flaw that allows remote attackers to cause the Open Directory server to crash by crafting a bogus Lightweight Directory Access Protocol (LDAP) is corrected. The update invalidates such requests.
The update corrects a problem in ClamAntiVirus’ automatic database that allows attackers to cause a stack-based buffer overflow during the updating process.
Finally, a format string vulnerability in the "setuid" program may allow users elevated privileges. The update fixes the issue by further validating logging messages.