Apple Security Update Posted

← Back to Stories (view on slashdot.org)

Posted by pudge on Friday April 5, 2002 @02:03AM from the but-i-got-r00ted-in-the-meantime dept.

patpro writes "Apple has just released a security update for Mac OS X. It includes Apache 1.3.23, OpenSSH 3.1p1, PHP 4.1.2, rsync 2.5.2, and sudo 1.6.5p2 (among other things). For the moment it's available only via the Software Update pane in System Preferences, but it should be available later at the Apple Downloads Page."

6 of 57 comments (clear)

Min score:

Reason:

Sort:

PHP Module Replaced by Paul+Burney · 2002-04-05 03:24 · Score: 5, Informative

This update will replace the current PHP module you have installed.

Many people use a version of the Apache PHP module compiled for OS X by Marc Liyanage that has PDF/Postgres/curl/gd, etc. enabled, rather than the stock Apple installed module.

After applying the update, you will need to reinstall the Liyanage module. It only takes 3 minutes. The instructions and download are located here:

http://www.entropy.ch/software/macosx/php/

--
<?php while ($self != "asleep") { $sheep_count++; } ?>
Surely not fast enough in fact... by patpro · 2002-04-05 03:33 · Score: 2, Informative

I'm affraid the rsync 2.5.2 Apple just released for OSX is still vulnerable...

the FreeBSD-SN-02:01 Security Notice reads this :

Port name: rsync
Affected: versions < rsync-2.5.4
Status: Fixed.
Incorrect group privilege handling, zlib double-free bug.
URL:http://online.securityfocus.com/bid/4285
URL:http://www.rsync.org/

so what ? is MacOSX immune to the "Incorrect group privilege handling" bug of rsync < 2.5.4 or does Apple just released a buggy sec. update ? This bug appears to be known for 3 weeks now...
No reboot required! by rgraham · 2002-04-05 04:38 · Score: 2, Informative

Not like these sorts of updates should require a reboot but sometimes they do, like with the recent Airport software update.
Re:Fast, but not Red Hat Fast by schwanerhill · 2002-04-05 05:25 · Score: 3, Informative

"What i want is to get those things off my list of updates to download." In Software Update, select the update(s) you don't want and choose "Make Inactive" from the Update menu.
Re:Fast, but not Red Hat Fast by bdesham · 2002-04-05 05:36 · Score: 1, Informative

I'd like a command-line accessible fortune, though. All the versions I've found so far are GUI.
IIRC, you can get one by installing fortune-mod with Fink.

--
Alcohol and Calculus don't mix. Don't drink and derive.
Re:Open SSL Version Mismatch by pfistech · 2002-04-06 01:22 · Score: 2, Informative

You likely installed a custom build of OpenSSH at some point in time and now when you run 'ssh' it runs this outdated copy instead of Apple's copy. Outdated here means that it was built against OpenSSL 0.9.4something or 0.9.5something, not the 0.9.6b that is currently provided by Apple.
Run "which ssh" and see what it tells you. If it says "/usr/local/bin/ssh", you may want to remove that copy of ssh so that it uses Apple's version (/usr/bin/ssh).

--
-chrisp
"If that makes any sense to you, you have a big problem."