Snow Leopard Server 10.6.5 re-released after mail fail fixed

Stephen Withers
Tuesday, 16 November 2010 10:56

Business IT - Security

Apple has released a second version of Mac OS X Server 10.6.5 to repair a security issue in the originally released build.

When Apple released version 10.6.5 of Mac OS X last week, the list of updates included one for the server version of the operating system. But as it turned out, that build (10H574) introduced a security flaw to the Dovecot open source mail server included as part of Mac OS X Server.

According to a note issued by Apple, "A memory aliasing issue in Dovecot's handling of user names exists in Mac OS X Server v10.6.5 (10H574). On systems configured with Dovecot as a mail server, a user may receive mail that was intended for other users." That's clearly an unsatisfactory state of affairs, so Apple withdrew the update from its servers yesterday.

Apple officials said the issue was specific to Mac OS X Server 10.6.5 (10H574), and did not affect Dovecot more generally.

A fix - "improved memory management" has been delivered in the form of Mac OS X Server 10.6 (10H575), which can be installed using Software Update or downloaded from the Support Downloads page.

The normal updater is approximately 860MB, and the combo updater is 1.1GB. The latest update is "recommended for all servers currently running Snow Leopard Server", according to Apple officials.