Apple Posts Security Update 2002-11-21

← Back to Stories (view on slashdot.org)

Apple Posts Security Update 2002-11-21

Posted by pudge on Friday November 22, 2002 @03:26PM from the shmecurtiy dept.

Znonymous Coward writes "Apple has released Security Update 2002-11-21 for Mac OS X 10.2 (Jaguar) via the Software Update utility. The update 'fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server.'"

36 comments

Ellen by farnsworth · 2002-11-22 15:44 · Score: 2, Funny

Yes yes, BIND updates are all well and good, but does this security update include any info about Ellen Feiss???

--
There aint no pancake so thin it doesn't have two sides.
Isn't there any better apple news? by ivan256 · 2002-11-22 15:45 · Score: 2, Insightful

Really, anybody who cares about MacOS X security updates finds out about them as soon as the software update window pops up automatically telling you to download it. In fact, I'd wager that the person who posted this found out that exact way. So, my question is why is there a slashdot story for every MacOS update when everybody who cares (Read:people with macs) find out automatically anyway? There's got to be some real news to post...
1. Re:Isn't there any better apple news? by pi+radians · 2002-11-22 16:26 · Score: 5, Insightful
  
  Maybe this can be used as a venue for those who want to discuss the update.
  
  Actually there are a number of accounts that this update causes more harm than good. If this is your main site for Mac news it would be then seen as an excellent place to talk about the new security update.
  
  It may not be news, but to every Mac user here it is something that will affect them.
  
  --
  
  sin(6cos(r)+5A)
2. Re:Isn't there any better apple news? by qengho · 2002-11-22 16:27 · Score: 5, Insightful
  
  why is there a slashdot story for every MacOS update
  
  Because not every MacAddlebrained Drone leaves Sofware Update in the default check-every-day mode. For example, I have no interest in Airport updates. Slashdot is actually the most up-to-date notification service I know of, bless its heart.
3. Re:Isn't there any better apple news? by sydlexic · 2002-11-22 16:58 · Score: 1, Troll
  
  Because not every MacAddlebrained Drone leaves Sofware Update in the default check-every-day mode
  
  So what I get from this is that Slashdot is of most use to "MacAddlebrained Drones".
4. Re:Isn't there any better apple news? by Znonymous+Coward · 2002-11-22 16:59 · Score: 3, Insightful
  
  I think stories like this provide a good way for people to get the word out if there are problems with updates.
  
  It usually takes MS and Apple a few days to fess up with their mistakes. The /. crowd keeps everyone in the loop in the meantime (like saying, "Hey, don't install service pack 3").
  
  --
  Karma: The shiznight, mostly because I am the Drizzle.
5. Re:Isn't there any better apple news? by foniksonik · 2002-11-22 18:19 · Score: 1, Offtopic
  
  You really must be dislexic sydlexic....
  
  --
  A fool throws a stone into a well and a thousand sages can not remove it.
6. Re:Isn't there any better apple news? by Bishop923 · 2002-11-22 18:58 · Score: 5, Informative
  
  For example, I have no interest in Airport updates.
  
  You may already know this, but if you dont want to see updates for certain packages, highlight the offending package in the Software Update window and hit Command-minus, or go to the File menu and click "Make Inactive". The package wont bug you to update again until you make it visible.
  
  Of course I still wouldn't just apply a software update on a production machine till a few days have passed, and the bug reports start flowing in...(Or if you have the luck to have a testing box sitting at your desk to futz with... :-) )
7. Re:Isn't there any better apple news? by SinceEBCDIC · 2002-11-24 14:51 · Score: 1
  
  This is news. The discussion following an update is invaluable, not just (as you say) the news of an available update.
  
  For example, 10.2.2 has under-the-hood changes in AppleEvents. These break Userland Frontier (and perhaps the add-ons like Manilla and Radio). No fix is yet available.
  
  I read the discussions of updates exactly for news like this.
  
  --
  
  I was born not knowing and have had only a little time to change that here and there. -- Richard Feynman
Warning by pi+radians · 2002-11-22 16:29 · Score: 3

There have been a few "incidents" with this update but all in all it seems to be fine.

For your education.

--

sin(6cos(r)+5A)
1. Re:Warning by singularity · 2002-11-22 17:07 · Score: 5, Funny
  
  Beware listening to any comment posted on VersionTracker.
  
  The forums seem to be full of people that either just make up symptoms involving the updated software (kernal panics on download of the install"), or reporting problems that are not at all involved with the software ("I installed AIM, and now the power to my water heater failed")
  
  No matter how safe the updated software (Apple or otherwise), there are always people that will have massive problems.
  
  I no longer even look at the forums.
  
  They make reading Slashdot at -1 look like a rational discussion.
  
  --
  - (c) 2018 Hank Zimmerman
Pathetic? by Euphonious+Coward · 2002-11-22 16:44 · Score: 4, Interesting

Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?
I can almost understand about the old-line UNIX houses who have thousands of customers stuck with config files for the old version, but Apple didn't have any of those.
Somebody please tell me that Macosix comes with both versions, and that the default is BIND 9, but they put 8 on there too for customers upgrading from other systems who want to keep the config files.
1. Re:Pathetic? by Ster · 2002-11-22 19:35 · Score: 4, Insightful
  
  BIND is not activated by default on Mac OS X or Mac OS X Server.
  
  So, unless you intentionally activate it, its really a non-issue. And if you know enough to activate it, then you probably know enough to be up to date.
  
  -Ster
2. Re:Pathetic? by Thenomain · 2002-11-23 02:02 · Score: 4, Interesting
  
  [i]Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?[/i]
  
  In that case, why doesn't this recent update install Bind version 9? (It installs 8.3.4.) My guess is that Apple does internal QA to make sure the build doesn't break any other functionality, probably in attempt to keep the "it just works" philosophy going. That they put in an insecure Bind is probably more a "whups".
  
  --
  This now concludes our broadcast day.
3. Re:Pathetic? by Steve+Cowan · 2002-11-25 05:03 · Score: 3, Insightful
  
  Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?
  If Apple waited for every latest and greatest component to become available (and tested it) prior to releasing OS updates, they would never release anything.
  This is particularly true of something like BIND, which is not enabled by default anyway!
Rebooting by Znonymous+Coward · 2002-11-22 16:52 · Score: 2, Insightful

Comparison:

Apple's software updater forces me to reboot all the time.
Microsoft makes me reboot after installing a service pack (and every time I "look" at my network settings).
Redhat's software updater only "asks" me to reboot after a Kernel upgrade is installed.

I wonder if you have to reboot with software update in Apple's OS X server?

--
Karma: The shiznight, mostly because I am the Drizzle.
1. Re:Rebooting by bdash · 2002-11-22 17:31 · Score: 5, Informative
  
  Your definition of 'all the time' would appear to be different from what I understand it to be. To me, 'all the time' would mean that after _every_ update I would have to reboot. This is not the case. Currently in Software Update I see two updates available for me to install - Internet Explorer 5.2 Security Update and QuickTime. Of these, only QuickTime requires an update. I dont really see how QuickTime should require an reboot, but it is a rather integral part of the OS. Rebooting after security updates that dont involve core OS changes also seems a little wierd.
2. Re:Rebooting by bdash · 2002-11-22 17:34 · Score: 1
  
  Of these, only QuickTime requires an update.
  
  Err... should be only QuickTime requires a reboot.
3. Re:Rebooting by Anonymous Coward · 2002-11-22 22:25 · Score: 5, Informative
  
  You obviously don't understand much about UNIX.
  
  Of the Software Updates I've installed from Apple, the following required a reboot:
  
  * BIND (no comment on why Apple shipped ver. 8 instead of ver. 9 - but since it's not enabled by default, what possible reason could Apple have to require it to reboot?)
  >> The OS's resolver library, which is compiled against BIND 8.
  * Mac OSX Update 10.2.2 - Shouldn't this be self-explanitory since the update also included a new and updated kernel?
  * Security Update 9/20/2002
  
  I did *not* have to reboot for:
  - Backup 1.2.1
  - Quicktime 6.0.2
  - Stuffit Expander Security Update 7.0
  - Airport Software 2.1.1
  - iTunes 3.0.1
  
  Now, why might there be a reason where one might have to reboot?
  
  Well, since files are referenced on disk based on their inodes; then if a file is opened by the system, simply overwriting the file will not be sufficient since a new version will have different inode references.
  
  The old references don't get released until the file closes. Since the kernel typically has the resolver library opened, this can't happen until the system reboots.
  
  So, to characterize Apple in the same vain as M$ with regards to requiring reboots after software updates, is extremely misguided.
  
  (And by the way, the same applies to Linux users - but if a linux users updated their BIND version and didn't reboot, their system will continue to use the old library's version until a reboot subsequently occured.)
4. Re:Rebooting by Anonymous Coward · 2002-11-25 05:51 · Score: 0
  
  lol, this coming from someone who says "it is usually hard to take anyone in good value"
  
  Slashdot threads are usually conversational in nature, not academic, as long as the point gets across then who cares about spelling and grammar?
  
  Troll elsewhere please.
  
  And no I didn't check this post for spelling a grammar mistakes.
5. Re:Rebooting by Anonymous Coward · 2002-11-25 10:06 · Score: 0
  
  Of the Software Updates I've installed from Apple, the following required a reboot:
  
  * BIND (no comment on why Apple shipped ver. 8 instead of ver. 9 - but since it's not enabled by default, what possible reason could Apple have to require it to reboot?)
  Just because something is not enabled by default doesn't mean the user cannot have enabled it, perhaps in a manner that is not easily detectable by the installer script. Otherwise (i.e. the user is not able to change it from its disabled default), what purpose would it serve to be there at all?
  
  And it would appear Software Update has only "requires reboot" and "does not require reboot" with no "may require a reboot" conditional that awaits a test of the local system to determine whether a reboot is required or not. (Well, maybe
  
  But it does ofter the user the option not to reboot, even if it is just having an open modified file in TextEdit and not responding to the save dialog and waiting for the logout procedure to abort.
What was this bug exactly? by ToadSprocket · 2002-11-22 18:16 · Score: 1

Was it the one where the fix was to turn off recursion?

--

If this article confuses you, don't worry. It was posted yesterday in a much clearer fashion.
well... by djupedal · 2002-11-22 18:24 · Score: 5, Interesting

I read about it here, while in the office, and dropped into my Mac at home via Webmin. I then issued this command:

softwareupdate 0000

..this brought back a reply telling me the correct number of the update, and I reissude the command with the new number. When the update was done, the return message told me the box needed to be restarted. Another command via Webmin, and moments later the box is back online with the update done.

Not everyone is at the box, nor does everyone keep the udpate agent running, etc.
1. Re:well... by djupedal · 2002-11-22 18:35 · Score: 2
  
  Sorry...I believe today's update is 3416.
recursion (and what it was, actually) by djupedal · 2002-11-22 18:39 · Score: 1, Redundant

They turned it off, and then they turned it on again, but then I heard they will be turning it off again ....soon.

"This Security Update fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server."
Security Update 2002-11-21 by djupedal · 2002-11-22 18:41 · Score: 0, Redundant

This Security Update fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server.
Hu hu HOSED my user! by ellem · 2002-11-23 16:22 · Score: 1

The user ellem on my 10.2.2 box is completely HOSED after rebooting from the latest Auto Update (the one that fixed BIND) The only other user (my wife) Lynda logs in fine. ellem has: No dock No background picture (I have blue on the 1/4 of the left side of the screen and black) the rest of the way Virtual Desktop no longer starts (Could be the problem) And Finder is extra dog slow Console says: 2002-11-23 23:11:46.061 Dock[584] CFLog (0): CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be: com.apple.desktop.plist -- /Users/ellem/Library/Preferences/ The parser will retry as in 10.1, but the problem should be corrected in the plist. 2002-11-23 23:12:00.363 Dock[587] CFLog (0): CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be: com.apple.desktop.plist -- /Users/ellem/Library/Preferences/ The parser will retry as in 10.1, but the problem should be corrected in the plist. Anyone else? Any Ideas?

--
This .sig is fake but accurate.
1. Re:Hu hu HOSED my user! by PotPieMan · 2002-11-24 05:23 · Score: 3, Informative
  
  It sounds like your Desktop preferences file was corrupted somehow. Try opening the file /Users/ellem/Library/Preferences/com.apple.desktop .plist (there's no space in that filename) in a text editor (it's just XML). If it looks messed up, you should probably just delete it and let the Finder regenerate it for you, using the defaults.
  
  I was going to post my plist for you, but Slashdot won't let me.
2. Re:Hu hu HOSED my user! by ellem · 2002-11-24 05:47 · Score: 1
  
  Damnit I missed show will ya?
  
  --
  This .sig is fake but accurate.