OS X Security Update: Apache, SSL and SSH

payote writes "Security Update July 2002 includes the updated components, Apache v1.3.26, mod_ssl v2.8.9 and OpenSSH v3.4p1, which provide increased security to prevent unauthorized access to applications, servers, and the operating system." It's not in my Software Update window, because I'm still on 10.1.4 (having heard rumors that RtCW doesn't work on 10.1.5). But it is indeed out, and any Mac OS X machine whose webserver or ssh server is open to an untrusted network needs to upgrade.

Re:Problem seen - addressed

[MisterBlister]

I think you meant to say ISS stupidly makes the vulnerability known before notifying Apache, Apache scrambles to put in a fix. Apple puts out a fix since everyone else is and they'd look like a tool to be the only ones without patched Apache and OpenSSH.

Don't get me wrong, I'm not anti-Apple in any way, but they don't exactly deserve kudos for this. Its their job to fix known issues, so they do it, as does Microsoft, as do many Open Source contributors (who do get a bit more kudos since usually they have no commercial obligation to do so).

Re:Whew

[MsGeek]

No, Red Hat didn't come out with a RPM for OpenSSH 3.4p...it's their hacked 3.1p.

It looks like I'm gonna have to install from tarball or even [shudder] source.

Thanks a lot, Red Hat. You suck.